Hackers Target pcTattletale Spyware: Makers Close Shop

Hackers have targeted the controversial spyware application pcTattletale, forcing the company to shut down after a major data breach compromised customer information and exposed sensitive data. According to TechCrunch, Bryan Fleming, the founder of pcTattletale, announced that the company is “out of business and completely done” following the breach.

The hackers defaced the company's website and published large amounts of data from pcTattletale’s servers. The spyware app, known for its ability to monitor individuals without their knowledge, had accumulated 138,000 customers who used the service to track employees and, illegally, domestic partners.

Security researcher Eric Daigle had also recently found the spyware on the booking systems of several Wyndham hotels in the US, which led to the exposure of guest details and reservation information due to an API security vulnerability.

Despite attempts to contact pcTattletale about the flaw, the company did not respond, leaving the vulnerability unfixed. Daigle explained that anyone on the internet could exploit this flaw to download sensitive screenshots captured by the spyware.

Fleming confirmed that he had deleted the company's Amazon Web Services (AWS) account and servers to prevent further data exposure. “I deleted everything because the data breach could have exposed my customers,” Fleming told TechCrunch.

The breach, which affected approximately 139,000 unique email addresses, included device information, MD5 hashed passwords, and SMS texts. About 58% of these emails are already listed in the data breach notification service Have I Been Pwned.

The incident with pcTattletale is not isolated. Similar breaches have plagued the spyware industry, exposing the half-baked security measures used by these companies. Notably, Polish-developed spyware LetMeSpy shut down in June 2023 after a similar hack that also led to data exposure.