US-made consumer-grade spyware app pcTattletale has been hacked and its internal data published on its own website, according to the hacker who claimed responsibility for the breach.
The hacker posted a message on pcTattletale’s website late Friday night claiming to have compromised the servers on which pcTattletale operates. The spyware maker’s website had for some time contained links to files from its servers, including stolen data from some victims. TechCrunch is not linking to the site because of the ongoing risk to victims whose private data has already been put at risk by the spyware.
PCTattleTale founder Brian Fleming did not respond to an email seeking comment. It’s unclear whether Fleming can receive emails due to the ongoing disruption at his company.
The hacker did not give any specific reason behind the breach. The hack comes several days after a security researcher said he found and reported a vulnerability in the spyware app itself that leaked screenshots of the devices it was installed on. Researcher Eric Daigle said They did not publish specific details of the flaw. Because pcTattletale ignored requests to fix the vulnerability.
The hacker who breached and damaged PCTattleTale’s website did not exploit the weakness found by Daigle, but said that PCTattleTale’s servers could be used to trick a user into handing over the private key to his Amazon Web Services account, providing access to the spyware’s operations.
PCTattleTale, a type of remote access app often referred to as “stalkerware” due to its ability to track people without their knowledge or consent, allows the person who installs the app to view the target’s Android or Windows device and its data from anywhere in the world. PCTattleTale says the app “runs invisibly in the background on their workstation and cannot be detected.” Spyware apps are stealthy by nature, and are therefore difficult to identify and remove.
Earlier this week TechCrunch revealed that PCTattleTale It was used to compromise the front desk check-in systems at several Wyndham hotels across the US, which leaked screenshots of guest details and customer information. Wyndham did not say whether it allowed its franchised hotels to use the spyware app on their systems.
It’s the latest example of spyware makers losing control over the highly sensitive and personal data they collect from their targets’ devices. According to a count released by TechCrunch, more than a dozen spyware and stalkerware companies have been hacked, or otherwise leaked victims’ private data, in recent years — in some cases multiple times.
The list of hacked spyware makers also includes LetMeSpy, a spyware created by a Polish developer, shut down After June 2023 Its systems were hacked and its backend data was destroyed; and TheTruthSpy, a phone spyware operation Built and operated by Vietnamese developersWho was it Hacked again in February.
Other hacked spyware makers include KidsGuard, XNSpy, Support King, Spyhide – and now PCTattleTale.
spyware-app-pctattletale-was-hacked-and-its-website-defaced-techcrunch
