LetMeSpy Phone-Tracking App Hacked, Revealing User Data
With at least 13,000 compromised devices in the data leak, it is still unknown who the threat actor is or whether or not victims will be personally notified.
LetMeSpy, an Android phone-tracking company that has been used to track more than 236,000 phones, was hacked on June 21, resulting in threat actors gaining unauthorized access to its users' data dating as far back as 2013.
The hack was discovered by a Polish security research team at Niebezpiecznik, which contacted the maker of the spyware app — but the researchers instead received a response from the threat actor, suggesting the person had taken over the LetMeSpy domain. It is unknown who the threat actor is or what the motives are.
The phone-tracking app, designed to be hidden from the home screen of a phone in order to remain undetected, was created for and marketed toward parents to control the phone usage of minors and for employers to monitor employees. But the app can also be used in more malicious and threatening "stalkerware" ways, such as an abusive spouse planting the app in a partner's phone, allowing access to any data the stalker deems necessary. Once the app is downloaded, it uploads information — including texts, call logs, and location data — so that an individual can be tracked to a precise location.
Target for Leaks and Hacks
Because they have a deep level of accessibility into phone, these types of apps are targets for leaks and hacks.
"The database we reviewed contained current records on at least 13,000 compromised devices, including detailed phone records, though some of the devices shared little to no data with LetMeSpy (LetMeSpy claims to delete data after two months of account inactivity)," stated TechCrunch, which obtained a copy of the leaked data.
LetMeSpy has stated that it has notified law enforcement and its local data protection authority, UODO, but it is unknown as to whether or not it will be notifying victims who have compromised phones.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024