Spyware app gets hacked
A spyware app designed to help people track the location and activity of other Android smartphone users has been hacked, TechCrunch reports.
LetMeSpy is an Android app marketed as a tool for parental or employee monitoring.
However, it is one of several apps commonly abused by stalkers or abusive partners to spy on unsuspecting victims.
Once installed on a target’s phone, it can relay text messages, call logs, and exact location data to the installer’s device.
It does so in the background, and the user being tracked is usually unaware of its presence.
TechCrunch said because of the extensive access privileges these apps require, they are infamously vulnerable to security flaws, and several have been hacked in the past few years.
That has resulted in private phone data being exposed to people other than the original installer.
TechCrunch first learned about the incident affecting LetMeSpy through a post on Polish security research blog Niebezpiecznik.
When the blog contacted LetMeSpy for comment, the hacker responded instead.
The hacker claimed they had deleted LetMeSpy’s databases, but a copy of the hacked database appeared online on the same day.
TechCrunch verified the contents, which contained years of call logs and text messages from at least 13,000 devices going back to 2013.
In a subsequent notice on its login page, LetMeSpy said it suffered an attack that led to unauthorised access to data on its servers.
“The criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” the notice read.
At the time of publication, LetMeSpy’s website live tracker showed it was tracking 0 devices, 0 text messages, 0 call logs, and 0 locations.
An Internet Archive Wayback Machine-stored version of the website from 29 January 2023 showed it was tracking over 236,000 phones, 63.51 million messages, 39.71 million call logs, and 43.21 locations.
Loading ...