Spyware company ‘bankrupt’ after hacker leaked data on own site

ASD's ACSC launches ACT NOW alert on the new Ivanti CSA 4.6 vulnerability

Spyware company ‘bankrupt’ after hacker leaked data on own site

A cyberattack on spyware app pcTattletale wiped out the business, according to the company’s founder.

The company, which advertises itself as an employee and child tracking service, is a consumer spyware or “stalkerware” application that allows users to monitor other devices by viewing screenshots of victims’ Android or Windows devices. . Programs like pcTattletale can and have been used for nefarious purposes, such as monitoring victims’ devices to collect data or spying on spouses without consent.

Just a few days ago, the company’s website was defaced by a hacker who posted links containing data scraped from pcTattletale’s servers. The data included customer data and stolen data from victims of the program. According to Have I Been Pwned via TechCrunch, the program had 138,000 customers.

Additionally, the hacker said the program’s servers could be tricked into handing over Amazon Web Services private keys. With this, the hacker was able to access the Amazon S3 storage used by pcTattletale and the 300 million screenshots stored on it.

The hacker did not reveal the reason for the attack.

Speaking to TechCrunch, company founder Bryan Fleming said he is now unable to access the Amazon Web Services account.

“I removed everything because the data breach could have exposed my clients,” he said.

“The account is closed; “servers are deleted.”

Fleming did not explain why the data was deleted without customers being notified first, adding that he did not keep a copy of the data. TechCrunch said it then stopped responding to queries.

PcTattletale had been compromised for some time, and a security researcher published a report shortly before the breach that described a vulnerability where specific devices could leak screenshots. However, the hacker did not exploit this vulnerability.

The pcTattletale website was taken offline 20 hours after the breach. It is still inaccessible at the time of writing.

Leave a Reply

Your email address will not be published. Required fields are marked *