Notorious spyware app shuts down after attacker compromised and deleted server data

LetMeSpy, a commercial spyware product that consumers can purchase and use to spy on Android devices, is shutting down as a direct result of a data breach where a threat actor compromised corporate servers and erased most of the data found there.

As reported by TechCrunchLetMeSpy has published a notice on its website informing its users that it will no longer be offering its services to anyone by the end of the month:

“Dear all, we would like to inform you that from August 31, 2023 the website letmespy.com will stop working, so we would like to provide you with some information,” the message reads. “Due to the data security incident that occurred on June 21, 2023, access to user accounts was blocked for security reasons. After that date, the LetMeSpy service was disabled, as was the ability to log into user accounts and register new user accounts on the site.

Those wishing to access the data available in their user account are advised to contact the company individually before September 30 this year, using the email at the Company website. “After the expiration of the retention period under applicable law, the data stored in user accounts will be deleted,” the notice concludes.

In late June 2023, LetMeSpy warned of a “security incident” in which an unauthorized third party gained access to “website users” data. “As a result of the attack, the criminals gained access to email addresses, phone numbers and the contents of messages collected from accounts,” the announcement read at the time.

The message horde collected by the hacker seems quite extensive. After reviewing sample data, TechCrunch noted data was taken from at least 13,000 devices, including “years worth of victims’ call logs and text messages” dating back to 2013. More than 13,000 location data points, for thousands of victims, were also deleted. also stolen. This data suggests that most of the victims live in the US, India and West Africa. In addition, the app’s main database was also seized, which includes details of some 26,000 customers who used the app for free, as well as the email addresses of those who paid for the subscription. The company’s website was also taken over by the attackers.

Analysis: why is it important?

The developers of spyware apps argue that the purpose of their products is security and often claim that it is a good way for parents to monitor what their children are doing online. In reality, however, the apps are mainly used by spouses in dysfunctional families and the like. Since the apps are designed to remain invisible on devices where they are installed, many victims carry them without knowledge or consent. As a result, the apps are considered illegal in some parts of the world.

LetMeSpy uploaded all text messages, call logs and location data to its servers without notifying the device owner. It then shares the data with the person who installed the app on another device. That makes the apps an ideal gateway for hackers looking to steal sensitive data, especially if they are poorly executed and contain errors. According to some researchers, most of these apps are hollow like Swiss cheese.

The threat from spyware apps, also known as stalkerware, has more than tripled in the past three years, Avast cybersecurity researchers recently said. The company’s Threat Researchers division, part of the Coalition Against Stalkerware, revealed that, based on its telemetry, the chance of encountering this form of mobile malware has increased by 329% since 2020.

If your device is experiencing unexplained performance drops, starts crashing or freezing for no apparent reason, gets too hot, or suddenly starts using too much battery, there may be a stalkerware app hiding somewhere. Avast also says that if you suddenly have a new browser home page, new icons on your desktop, or a different default search engine, it might be a good time to scan the phone for malware.

What have others said about the news?

In the description of the news, Global village space says the shutdown of LetMeSpy highlights “growing concerns” about these apps being used to violate people’s privacy. “Such invasive surveillance can have serious consequences for victims, including emotional distress, stalking and harassment,” the publication states.

It further highlights that governments around the world have been pushing to combat these tools, citing Support King, a technology company banned from the surveillance industry in 2021 by the Federal Trade Commission (FTC) for mishandling stolen data. facts. “This regulatory action sends a strong signal that spyware abuse will not be tolerated;” it added. The battle may be won, but the war continues, it concluded.

Reddit users cheered the news, with one user saying, “You reap what you sow,” and another adding, “Whoever did, well done.”

Go deeper

If you want to learn more about staying safe online, start by reading our guide on the best malware removal tools straight away. Also have a look how to clean your android deviceas well as what are the best iOS antivirus apps.

Through: TechCrunch

Related Post