Subj : This top mobile phone spying app says it has been hacked, with th
To : All
From : TechnologyDaily
Date : Wed Jun 28 2023 13:15:03

This top mobile phone spying app says it has been hacked, with thousands of users at risk

Date: Wed, 28 Jun 2023 11:58:51 +0000
Description: Years of private message contents from LetMeSpy have been leaked online.

FULL STORY
======================================================================

LetMeSpy, an Android application with thousands of customers that lets users spy on other smartphones, has been compromised and sensitive user data stolen, the app's manufacturer has confirmed.

In an announcement published on the app's website, it was said that a security incident happened in late June 2023 in which an unauthorized third party accessed the data of website users.

"As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts," the announcement added.

The message hoard collected by the hacker seems to be quite extensive. After reviewing sample data, TechCrunch noted at least 13,000 devices have had data taken, which includes years of victims' call logs and text messages, dating back to 2013. Also, more than 13,000 location data points, for thousands of victims, were stolen as well. This data suggests most victims live in the US, India, and Western Africa.

Furthermore, the app's master database was taken too, which holds data on some 26,000 customers who used the app for free, as well as email addresses of those who paid for the subscription.

But that's not all. The researchers that first discovered the breach - a Polish security research blog called Niebezpiecznik - reached out to the app's manufacturer for comment, and got a reply from - the attackers. Apparently, they had taken over the app maker's domain.
Indeed, the app's website has a counter for the number of users, text messages, call logs, and locations being tracked, and all of these are now showing zeroes. Also, the majority of the site seems to be broken and non-functioning. Earlier this year, the site said it was tracking more than 236,000 devices, TechCrunch reported.

The hacker allegedly told the researchers that they deleted LetMeSpy's databases from the servers, before leaking them online.

LetMeSpy confirmed that the breach was reported to the local law enforcement and data protection authority, but it is unclear if the app can, and will, reach out to affected customers privately.

Analysis: Why does it matter?

While spy app manufacturers advertise their products as a security measure (for example, for parents to keep track of their children), they are mostly used by spouses interested in controlling or spying on their partners, or for similar goals. As such, the apps are installed on victim devices without their knowledge and consent, which is why these apps are deemed illegal in some parts of the world.

LetMeSpy, for example, works by uploading all text messages, call logs, and location data to the servers, without notifying the device owner. The data is then shared with the person who installed the app, on a different device.

That makes the apps an ideal gateway for hackers looking to steal sensitive data, especially when they're poorly executed and buggy (which, according to TechCrunch, is often the case). The stolen data can be leveraged in a number of ways: the attackers can try and extort the victims for money, or they could sell the information on the black market for profit. They can also use the data in an identity theft attack, or wire fraud.

Furthermore, the threat of stalkerware increased by more than threefold over the past three years, recent figures from Avast showed.
The company's Threat Researchers department, part of the Coalition Against Stalkerware, revealed that, based on its telemetry, the possibility of encountering this form of mobile malware increased 329% since 2020.

The best way to make sure your devices aren't sporting any stalkerware is to go through all of the apps installed on the device and make sure they all work as intended. If the phone suddenly drops in performance, or starts crashing and freezing for no apparent reason, there could be a stalkerware app hiding somewhere. Also, Avast says that if suddenly you have a new browser homepage, new icons on your desktop, or a different default search engine, it might be a good time to scan the phone.

What have others said about the data breach?

Users on Reddit were quick to point out the irony in the fact that a data stealing app has had its data stolen. "Define irony," one user stated, while another added: "I'm shocked, shocked I tell you! Next thing you know, we'll find out that Facebook isn't respecting our privacy either."

"I'm happy to see there's a deterrent to more people creating these apps," another added.

Among other publications, TechCrunch said spyware apps are notoriously buggy and known for rudimentary security mistakes, while SiliconAngle cited Ray Kelly, a fellow at Synopsys Software Integrity Group, who said mobile apps should be tested for unencrypted credentials and the leakage of personally identifiable information.

"Mobile app vendors must also test back-end systems, such as open storage buckets or application programming interface nonvalidated inputs that could lead malicious actors to carry out SQL Injection attacks and potentially steal an entire database," Kelly added.

Go deeper

If you want to learn more about staying safe online, start by reading our guide on the best malware removal tools right now. Also check out how to clean up your Android device, as well as what are the best iOS antivirus apps.
Check out the best firewalls right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-top-mobile-phone-spying-app-says-it-has-been-hacked-with-thousands-of-users-at-risk

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)