mSpy, a company that provides parents with tools for monitoring computers and mobile devices, has admitted to a data breach but has claimed that no personal information was exposed.
The company denied the breach when first approached by security expert Brian Krebs, saying that reports of the incident were wrong.
mSpy changed its tune later, however, telling the BBC that something had occurred. The BBC has also discovered that UK data watchdog the Information Commissioner's Office is now involved. mSpy did not comment on this.
The firm provides a service aimed at concerned parents but which can be put to use by anyone who wants to keep a digital ear and eye on the communications of an associate or spouse, for example.
This official oversight is fine, but a data breach complicates matters. mSpy told the BBC that, although a hack has taken place, its customers' details were not compromised.
"There is no data on 400,000 of our customers on the web," said a spokesperson. "We believe we have become a victim of a predatory attack, aimed to take advantage of our estimated commercial achievements."
Krebs said in a blog post that the plundered documents and data are on the so-called dark web, and he claims to have downloaded and assessed the information.
Mobile spyware maker mSpy continues to deny breach, even as customers confirm it http://t.co/liQVhkvD3I— briankrebs (@briankrebs) May 21, 2015
"No, the stolen records aren't on the web; rather, they've been posted to various sites on the Deep Web, which is only accessible using Tor," he wrote.
"Also, I don't doubt that mSpy was the target of extortion attempts; the fact that the company did not pay the extortionist is likely what resulted in its customers' data being posted online.
"I spent the better part of the day today pulling customer records from the hundreds of gigabytes of data leaked from mSpy.
"I spoke with multiple customers whose payment and personal data - and that of their kids, employees and significant others - were included in the huge cache. All confirmed they are or were recently paying customers of mSpy."
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23