According to the makers of LetMeSpy, a widely used phone monitoring app, a hacker has stolen intercepted messages, call logs, and locations. The company released a notice on its login page stating that on June 21, an unauthorized access security incident occurred, resulting in the theft of email addresses, telephone numbers, and message content. LetMeSpy is a phone monitoring app used for parental control or employee monitoring that stays hidden on the phone’s home screen. These types of apps, known as stalkerware or spouseware, are typically installed without the user’s consent or knowledge. LetMeSpy uploads text messages, call logs, and location data to its servers, allowing the person who planted the app to track the user in real-time. However, these surveillance apps are known for security mistakes and have been susceptible to hacking and data leaks in the past. The breach was first reported by Polish security research blog Niebezpiecznik, and the hacker claimed to have deleted LetMeSpy’s databases and shared a copy online. Nonprofit transparency collective DDoSecrets obtained a copy of the hacked data and limited its distribution to journalists and researchers due to the amount of personally identifiable information present. The leaked data contained years of call logs and text messages, with at least 13,000 compromised devices. LetMeSpy’s website claims to track over 236,000 devices, but its counters read as zero at the time of the analysis. The app was also found to be non-functioning, and the leaked data included location data points and information about customers. The developer, Rafal Lidwin, did not respond to requests for comments. LetMeSpy said it had notified law enforcement and the Polish data protection authority but didn’t mention if it would notify victims. Android spyware apps, including LetMeSpy, are often disguised as system apps, but LetMeSpy is easier to find and uninstall. Users are advised to switch on Google Play Protect for added protection against malicious Android apps. LetMeSpy is one of many spyware and phone monitoring apps that have been hacked or breached in recent years. Victims of domestic abuse and violence can seek assistance from the National Domestic Violence Hotline, while the Coalition Against Stalkerware provides resources for compromised phones.
