TheTruthSpy Breached, Exposing Data of 50,000 Devices
In a significant breach of privacy, TheTruthSpy, a surveillance application, has been hacked, compromising the data of over 50,000 Android devices across the globe. This incident marks the fourth time the application has fallen victim to hackers due to the same unfixed security flaw.
According to Malwarebytes Labs, TheTruthSpy's operations have been under scrutiny for their inadequate cybersecurity measures since 2022. This latest breach was performed by two independent hacking groups, ByteMeCrew and SiegedSec, who exploited a known Insecure Direct Object Reference (IDOR) vulnerability within TheTruthSpy's system.
This flaw, discovered in 2022 and still unfixed, grants access to the personal data of those the app is being used to monitor, including text logs, call history, and precise location information.
Highlighting the app’s controversial nature, Malwarebytes stated: “TheTruthSpy markets itself as a tool that can be placed in the hands of employers who want to keep tabs on employees in the workplace, or in the hands of parents who want to look after their kids. But it can just as easily be placed in the hands of stalkers, abusive partners, or someone who just wants to get a leg up in their divorce proceedings.”
Switzerland-based hacker maia arson crimew criticized TheTruthSpy for not addressing the security vulnerability that has been known for years. "They had like two years to fix this," crimew said, expressing frustration over the repeated negligence of TheTruthSpy's developers.
The hacking groups behind the breach have given assurances that the data will not be publicly released, given its sensitive nature. TechCrunch, in response to the ongoing threat posed by TheTruthSpy, has updated its spyware lookup tool, allowing users to check if their devices have been compromised.
This latest breach is a continuation of TheTruthSpy's troubled history, with previous incidents also resulting in the exposure of data. Both the ethical implications of stalkerware and the responsibility of developers to ensure user safety are in question. As the conversation around digital privacy continues, the need for stringent security measures and ethical considerations in software development is apparent.