On June 21, “a security incident occurred involving obtaining unauthorised access to the data of website users,” according to LetMeSpy, a phone tracking app that is used to spy on thousands of Android phone users worldwide.
The warning stated that as a result of the incident, the thieves had access to user accounts’ email addresses, phone numbers, and message content.
LetMeSpy is a phone surveillance app that is promoted for employee or parental control. The software is also designed to remain undetectable on a phone’s home screen, making it challenging to find and uninstall. These phone surveillance applications, often known as stalkerware or spouseware, are frequently installed without the owner’s knowledge or consent by others who have physical access to their phone, such as spouses or domestic partners.
As soon as the programme is installed, LetMeSpy secretly sends the phone’s text messages, call records, and precise location information to its servers, enabling the person who installed the app to follow the target in real time.
These surveillance applications are notoriously unstable and known for basic security flaws because of their high degree of access to a person’s phone. Over the years, several spyware apps have been hacked or have leaked and exposed private phone data that had been obtained from unaware users.
Niebezpiecznik, a Polish security analysis site, was the first to reveal the incident. When Niebezpiecznik contacted the spyware company for comment, the hacker apparently replied instead, claiming to have gained full access to the spyware maker’s website.
It is unclear who is responsible for the LetMeSpy breach or what their intentions are. The hacker hinted that they had removed the datasets for LetMeSpy that were kept on the server. Later that day, a copy of the compromised database also surfaced online.
The compromised LetMeSpy data was acquired by DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, and provided to TechCrunch. Given the quantity of personally identifiable material in the cache, DDoSecrets said it was restricting the dissemination of the data to journalists and researchers.
According to information on the LetMeSpy website in January, the spyware has been used to track over 236,000 devices and has amassed tens of millions of call records, text messages, and location data points. The site’s counters read 0 at the time this article was written. The spyware itself, along with a large portion of the site’s functionality, appears to be malfunctioning. TechCrunch examined the LetMeSpy mobile app’s network traffic and found that the app didn’t appear to be working as of the time of writing.
The database also included over 13,400 location data points for several thousand victims. Most of the location data points are clustered over areas of high population density, which suggests that the majority of victims are located in Western Africa, the United States, and India.
The data also included the spyware’s master database, which contained details on 26,000 users of the software who downloaded it for free as well as the email addresses of users who paid for subscriptions.
It’s not unusual for spyware developers, like those behind LetMeSpy, to hide their true identities from the public. This is frequently done to protect themselves from the reputational and legal risks associated with enabling widespread covert phone surveillance, which is illegal in many jurisdictions.
However, data from the exposed database reveals that Krakow-based Polish developer Rafal Lidwin is responsible for creating and maintaining LetMeSpy. Lidwin did not respond to repeated requests for comment.
According to LetMeSpy’s breach notification, it has alerted UODO, the Polish data protection regulator, and police authorities. A UODO representative, Adam Sanocki, confirmed to TechCrunch that the regulator had received the notification from LetMeSpy.
The majority of Android spyware programmes impersonate essential system apps. LetMeSpy, by comparison, is simpler to locate and delete. The application is called “LMS,” and it has a distinctive icon.
You should also enable Google Play Protect, if it isn’t enabled already. It is one of the best defences against malicious Android applications, and it can be turned on through Google Play’s settings menu.