The US-made consumer spyware app pcTattletale has been hacked and its internal data posted on its own website, according to a hacker who claimed responsibility for the breach.
The hacker posted a message on the pcTattletale website on Friday night, claiming to have hacked into the servers that house pcTattletale's operations. The spyware maker's website briefly contained links containing files from its servers, which appeared to include data stolen from some victims. TechCrunch is not linking to the site given the continued risk to victims, whose private data has already been compromised by spyware.
pcTattletale founder Bryan Fleming did not respond to an email requesting comment. It is unclear whether Fleming can receive emails due to the ongoing disruption of his business.
The hacker did not provide a specific motivation for the breach. The hack comes several days after a security researcher said he found and reported a vulnerability in the spyware app itself, which leaks screenshots of devices on which it was installed. Researcher Eric Daigle said did not publish specific details of the failure because pcTattletale ignored requests to fix the vulnerability.
The hacker who compromised and defaced pcTattletale's website did not exploit the vulnerability Daigle found, but said pcTattletale's servers could be tricked into handing over the private keys to its amazon Web Services account, which grants access to the company's operations. spyware.
pcTattletale, a type of remote access application often called “stalkerware” for its ability to track people without their knowledge or consent, allows the person who installed the application to remotely view the target's Android or Windows device and its data from anywhere in the world. world. pcTattletale says the app “runs invisibly in the background on your workstations and cannot be detected.” Spyware applications are stealthy by nature and as such are difficult to identify and remove.
Earlier this week, TechCrunch revealed that pcTattletale was used to compromise the front desk check-in systems at several Wyndham hotels in the United States, leaking screenshots of guest details and customer information. Wyndham did not say whether it authorized or permitted its franchised hotels to use the spyware application on their systems.
This is the latest example of a spyware maker losing control of the personal and highly sensitive data it collects from its targets' devices. In recent years, more than a dozen spyware and stalkerware companies have been hacked or disclosed victims' private data (in some cases multiple times), according to an ongoing TechCrunch count.
That list of hacked spyware makers includes LetMeSpy, a spyware created by a Polish developer, which shut down in June 2023 after its systems were hacked and its backend data was deleted; and TheTruthSpy, a phone spyware operation created and operated by Vietnamese developers, which was hacked again in February.
Other pirated spyware makers include KidsGuard, Xnspy, Support King, Spyhide, and now pcTattletale.
