Android app LetMeSpy disclosed a security breach, sensitive data associated with thousands of Android users were exposed.
The phone monitoring app LetMeSpy disclosed a security breach, threat actors have stolen sensitive data associated with thousands of Android users, including messages, locations, call logs, e-mail addresses, and telephone numbers.
According to a notice published by the company, the security incident took place on June 21, 2023.
The LetMeSpy app is developed by the company Radeal and is sold as a parental control or employee monitoring application.
Customers can use the app by paying a monthly subscription of $6 for a standard license or $12 for a Pro license.
“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” reads a statement published by the company.
The company immediately launched an investigation into the incident and notified law enforcement and data protection watchdogs.
The news of the data breach was first reported by the Polish security research blog Niebezpiecznik, which also confirmed that the threat actors behind the attack claimed to have seized the domain associated with the spyware.
“It’s not clear who is behind the LetMeSpy hack or their motives. The hacker intimated that they deleted LetMeSpy’s databases stored on the server. A copy of the hacked database also appeared online later the same day.” reported TechCrunch. “DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, obtained a copy of the hacked LetMeSpy data and shared it with TechCrunch. DDoSecrets said it was limiting the distribution of the data to journalists and researchers, given the amount of personally identifiable information in the cache.”
According to TechCrunch, the leaked data exposed in the attack are dating back to 2013 and include data related to at least 13,000 compromised devices
Most of the victims, whose data is in the database, are located in the U.S., India, and Africa.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
Share On