U.S.-made spyware app pcTattletale, which is known for its ability to track people’s devices without their consent, has been hacked and its internal data has been leaked. The hacker responsible for the breach claimed to have hacked the servers containing pcTattletale’s operations and published the stolen data on the spyware maker’s own website.
The breach was discovered when the hacker posted a message on pcTattletale’s website, stating that they had successfully hacked into the company’s servers. Shortly after, the website contained links to files that appeared to include stolen data from some of the app’s victims. To protect the victims’ compromised private data, TechCrunch has refrained from linking to the site.
pcTattletale’s founder Bryan Fleming has not responded to requests for comment, and it is unknown if he is able to receive emails due to the company’s ongoing outage.
The motivation behind the breach remains unclear. However, it comes just days after a security researcher named Eric Daigle reported a vulnerability in the pcTattletale app that allowed it to leak screenshots of the devices it was installed on. Daigle claimed that he had notified pcTattletale about the vulnerability, but the company had ignored his requests to fix the issue.
Interestingly, the hacker who breached pcTattletale’s website did not exploit the vulnerability discovered by Daigle. Instead, they stated that pcTattletale’s servers could be manipulated to reveal the private keys for its Amazon Web Services account. Access to this account would provide complete control over the spyware’s operations.
pcTattletale is a remote access app commonly referred to as “stalkerware” due to its intrusive tracking capabilities. The app allows the person who installs it to remotely view the target’s Android or Windows device and its data from anywhere in the world. pcTattletale claims that its app operates invisibly in the background and cannot be detected. Like other spyware apps, it is designed to be difficult to identify and remove.
This breach adds to a growing list of spyware makers that have lost control of sensitive and personal data collected from their targets’ devices. Over the past few years, numerous spyware and stalkerware companies have been hacked or had victims’ data exposed multiple times. Some examples include LetMeSpy, a Polish-developed spyware that shut down in 2023 after its systems were hacked and its backend data was deleted, and TheTruthSpy, a phone spyware operation created by Vietnamese developers that was hacked again earlier this year.
pcTattletale now joins the ranks of these hacked spyware makers, including KidsGuard, Xnspy, Support King, and Spyhide. The increasing frequency of these breaches raises concerns about the security and privacy implications of using such apps. Individuals and organizations should exercise caution when installing or utilizing spyware applications, as they are inherently invasive and can easily be exploited by malicious actors.