Radeal, the Polish developer of Android stalkerware ‘LetMeSpy’, is informing users that their personal information and collected data was stolen as a result of a cyberattack.
A free application, LetMeSpy, just as its name suggests, collects information from the phones it has been installed on, including call logs, text messages, and device location.
The phone monitoring application is marketed as offering parental control and employee monitoring capabilities, but it essentially allows users to spy on others after installing the software on their devices, likely without their knowledge.
In fact, once up and running on a device, LetMeSpy hides its icon from the phone’s home screen, to prevent detection and removal.
The application uploads the collected information to remote servers, where the user who installed it can access it, essentially tracking a person in real time.
In an incident notification posted on the LetMeSpy login page, Radeal is informing users that it fell victim to a cyberattack that resulted in “unauthorized access to the data of website users”.
“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” Radeal says.
The application developer suspended all account-related functions of the website, promising to restore them after mitigating the attack. Law enforcement was also informed about the incident.
According to security researcher Maia Arson Crimew, who received a copy of the allegedly stolen data, the attackers got their hands on call logs, messages, user IDs, email addresses, password hashes, geolocation logs, IP addresses, payment logs, and phone information.
The data also shows that LetMeSpy was installed on roughly 10,000 phones, although a large percentage of these devices never sent activity updates.
Crimew also discovered that at least three government workers, a Broussard police officer, and an employee at a rival stalkware company signed up for the application, though they do not appear to have used it.
However, Crimew did notice that a significant number of LetMeSpy users are US college students, likely looking to spy on their partners. The stolen information also includes global configuration data for the site, the researcher notes.
Related: American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider
Related: Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach
Related: Toyota Discloses New Data Breach Involving Vehicle, Customer Information
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
