On June 21, LetMeSpy, a popular phone monitoring app, fell victim to a cyber attack. The attack compromised sensitive user data, including emails, telephone numbers, and messages. This incident has raised serious security and privacy issues related to monitoring applications. This article covers details surrounding the hack, its consequences and what led up to it.
The Nature of LetMeSpy
LetMeSpy is essentially a phone monitoring app that operates discreetly on Android devices. Marketed primarily for parental control and employee monitoring, it remains hidden on the phone’s home screen, making detection and removal challenging.
How does LetMeSpy Operate?
Once installed, LetMeSpy silently uploads text messages, call logs, and precise location data to its servers. This allows the user who installed the app to track and monitor the target device in real time. Given its stealthy nature, it has also earned the moniker of stalkerware or spouseware.
Details of the LetMeSpy Hack
Polish security research blog Niebezpiecznik first reported the breach. According to LetMeSpy’s notice on its login page, unauthorized access to user data was gained through this security breach.
Extent of Data Compromised
Hackers accessed email addresses, telephone numbers, and content of messages collected on accounts. The database that was hacked contained records of at least 13,000 compromised devices, along with over 13,400 location data points. Furthermore, the database included information about 26,000 customers who used LetMeSpy for free, along with email addresses of paying subscribers.
The Aftermath of the Breach
The hacker behind this breach claimed to have deleted LetMeSpy’s databases stored on the server. However, a copy of the database appeared online later the same day. DDoSecrets, a nonprofit transparency collective, obtained a copy and restricted its distribution to journalists and researchers due to the sensitive nature of the data.
Impact on LetMeSpy’s Operations
Post-breach, the functionality of LetMeSpy’s website and application has been severely hampered. TechCrunch analyzed the network traffic of the LetMeSpy phone app and reported that it appeared to be non-functional.
The Identity Behind LetMeSpy
Information in the leaked database indicates that LetMeSpy was designed and is maintained by Rafal Lidwin from Krakow in Poland, although Lidwin did not respond to our inquiries about commenting as often times developers of spyware such as this are trying to remain unnoticed in order to avoid legal implications for creating and using their product.
Steps for Protecting Yourself
If you suspect that your device may be compromised by spyware like LetMeSpy, it is essential to take steps to secure your data and privacy.
Detecting and Removing Spyware
LetMeSpy, identified as “LMS” with a distinctive icon, is easier to find and uninstall compared to other spyware. You should also enable Google Play Protect, a safeguard against malicious Android apps, from the settings menu in Google Play.
Addressing the Bigger Issue
The LetMeSpy hack is a part of a larger pattern where spyware and monitoring apps like Xnspy, KidsGuard, TheTruthSpy, and Support King have been hacked or breached in the past. This underlines the need for robust security measures and regulatory oversight for such applications to prevent unauthorized access to sensitive data.
Also Read – Wordle 738 Answer Today – Know Today Wordle Hints & Answer Here!
I'm an Ethical Hacker, Penetration Tester, Content Creator, Technology Lover, Passionate Learner & The Founder of Spinning Security. For Any Inquiry Contact Us Here :- contect.spinningtech@gmail.com
- How to Design a Huddle Room with Optimal AV Solutions? - September 25, 2024
- Bang & Olufsen’s Contribution to Hi-Fi Audio - September 24, 2024
- What to Do When You Realize You’re Living Above Your Means - September 17, 2024