Android-based phone monitoring app Let Me Spy has revealed a security breach that allowed unauthorized third parties to steal sensitive data related to thousands of Android users.
In a statement on its website, LetMeSpy said, “As a result of the attack, the criminals accessed email addresses, phone numbers, and the content of messages collected on accounts,” the incident occurred on June 21, 2023. pointed out.
After discovering the hack, LetMeSpy said it notified law enforcement and data protection authorities. We have also taken steps to suspend all account-related features until further notice. The identity of the threat actor and its motives are currently unknown.
A work by a Polish company called Radeal, LetMeSpy is offered as a monthly subscription ($6 for Standard, $12 for Pro), allowing customers to spy on others by simply installing the software on their devices. increase. A December 2013 Internet Archive snapshot shows it being billed as a tool for parental or employee management.
LetMeSpy comes with a wide range of features for collecting call logs, SMS messages and geolocation, all of which can be accessed through the website. App icons may be hidden from the device’s home screen launcher to avoid detection and removal.
As of January 2023, stalkerware apps have been used to track 236,322 phone calls worldwide, containing over 63.5 million text messages, over 39.7 million call logs, and over 43.2 million phone calls. Collecting locations.
The Polish security research blog Niebezpiecznik, which first reported the breach and analyzed a dump of the stolen data, said the data included about 26,000 email addresses, 16,000 SMS messages, and a database of victim locations. said that
TechCrunch investigated the leak further and found that the data dates back to 2013, when LetMeSpy went live. This record also includes data from at least 13,000 compromised devices. Most of the victims live in the United States, India and parts of Africa.
