U.S.-made consumer-grade spy ware app pcTattletale has been hacked and its inner information revealed to its personal web site, in accordance with a hacker who claimed accountability for the breach.
The hacker posted a message on pcTattletale”s web site late Friday, claiming to have hacked the servers containing pcTattletale’s operations. The spy ware maker’s web site briefly contained hyperlinks containing recordsdata from its servers, which appeared to incorporate some victims’ stolen information. TechCrunch shouldn’t be linking to the location given the continuing threat to victims, whose non-public information has already been compromised by the spy ware.
pcTattletale’s founder Bryan Fleming didn’t return an e-mail requesting remark. It’s not clear if Fleming can obtain e-mail attributable to his firm’s ongoing outage.
The hacker didn’t present a selected motivation for the breach. The hack comes a number of days after a safety researcher stated he discovered and reported a vulnerability within the spy ware app itself, which leaks the screenshots of the units it was planted on. The researcher, Eric Daigle, stated he didn’t publish particular particulars of the flaw as a result of pcTattletale ignored requests to repair the vulnerability.
The hacker who compromised and defaced pcTattletale’s web site didn’t exploit the vulnerability that Daigle discovered, however stated pcTattletale’s servers could possibly be tricked into turning over the non-public keys for its Amazon Internet Companies account, which grants entry to the spy ware’s operations.
pcTattletale, a sort of distant entry app also known as “stalkerware” for its means to trace individuals with out their data or consent, permits the one that planted the app to remotely view the goal’s Android or Home windows system and its information from anyplace on this planet. pcTattletale says the app “runs invisibly within the background on their workstations and can’t be detected.” Spyware and adware apps are stealthy by nature, and as such are troublesome to establish and take away.
Earlier this week TechCrunch revealed that pcTattletale was used to compromise the entrance desk check-in techniques at a number of Wyndham lodges throughout the USA, which leaked screenshots of visitor particulars and buyer data. Wyndham wouldn’t say whether or not it approved or allowed its franchised lodges to make use of the spy ware app on its techniques.
That is the newest instance of a spy ware maker shedding management of the extremely delicate and private information it collects from the units of its targets. In recent times greater than a dozen spy ware and stalkerware corporations have been hacked, or in any other case spilled victims’ non-public information — in some instances a number of occasions over — in accordance with an ongoing tally by TechCrunch.
That record of hacked spy ware makers consists of LetMeSpy, a spy ware made by a Polish developer, which shut down in June 2023 after its techniques have been hacked and its backend information deleted; and TheTruthSpy, a telephone spy ware operation created and operated by Vietnamese builders, which was hacked once more in February.
Different hacked spy ware makers embody KidsGuard, Xnspy, Assist King, Spyhide — and now, pcTattletale.
