
> I can find pentesting services for companies. I can find some which claim to test the security of CEOs and celebrities. But I can't find anything for ordinary people.

I'm sorry to be harsh on this person, but this is quite a dumb post. What is the difference between hacking a celebrity vs. an ordinary person? None.

Any penetration testing / security consultancy will be able to do what you're asking for, provided you can pay their rate.

> Does this service exist? If not, is this a million-dollar start-up idea?

No, it is definitely not a million-dollar startup idea. It also wouldn't be a startup; it would be a consultancy. Penetration testing firms can easily charge clients up to around $1000 / day. How many individuals are going to pay multiples of $1000 to see how secure their online data is?




You cannot, in fact, pay a pentest firm to hack a SaaS provider that has your data. The companies claiming to do this for "CEOs and celebrities" are, to some extent, lying.


Please share more information on the "whys".


One "why" would be: as long as you don't have a clause permitting this in your contract with the SaaS provider (which "ordinary" people, as in this context, usually don't have), it would be considered an offense in most countries.

If you're a company and the SaaS provider is of similar or smaller scale, you might be able to work with them if you have special security concerns that exceed those of their regular customer base. You could maybe even get them to hire a consultancy to check or recheck their services, but in no case would you ever just go out and do that of your own volition.

Independent of that, even in a personal context, people use SaaS providers because they trust their ability to do a certain job better and/or cheaper than you could do yourself. That usually includes the factor of securing their data, if only because it's in their best interest not to have PR disasters and lose customers.


You either need prior approval or have to follow certain rules to conduct any pen-testing, red-team exercises, etc. on most cloud platforms, largely to prevent happy-go-lucky/break-things-fast types from installing Kali on a whim and running riot.

https://aws.amazon.com/security/penetration-testing/

https://www.microsoft.com/en-us/msrc/pentest-rules-of-engage...


In general, obtaining access to your account at some service providers requires you to defraud, social engineer or hack that service. To be able to do that legally, you need permission from the service provider; permission from the owner of the account isn't sufficient.

So any company claiming to provide such a service is either not doing so legally or (more likely) limiting its activities to various passive approaches and not attempting to actually pentest/social engineer access to your accounts the way an actual attacker would; so they're implying that they provide a better, more serious service than they actually do.



