Home Security Compromise: LetMeSpy, a Phone Tracking App, Admits to Being Hacked

Security Compromise: LetMeSpy, a Phone Tracking App, Admits to Being Hacked

LetMeSpy, a widely used phone monitoring app, recently experienced a significant data breach. The spyware app, marketed for parental control and employee monitoring, allows individuals to secretly track Android phones. However, this breach has exposed sensitive user information, including email addresses, telephone numbers, and message content. In this article, we’ll delve into the details of the breach, the potential risks it poses, and offer guidance on how to protect yourself from similar incidents.

On June 21, LetMeSpy disclosed a security incident involving unauthorized access to user data. Hackers gained entry to the app’s databases, compromising the personal information of thousands of individuals who had fallen victim to this surveillance tool. The stolen data includes call logs, text messages, and location information collected from accounts dating back to 2013.

LetMeSpy, like other phone monitoring apps, is notorious for its security vulnerabilities. These apps, often referred to as stalkerware or spouseware, are typically installed without the user’s consent or knowledge. Once planted on a device, LetMeSpy silently uploads the phone’s data to remote servers, allowing the person who installed the app to track the victim in real-time.

The data breach of LetMeSpy exposes users to several risks. Firstly, personal information, such as call logs and message content, is now in the hands of unauthorized individuals. This puts victims at risk of identity theft, fraud, and privacy violations. Furthermore, the breach highlights the broader issue of spyware apps, which are frequently targeted by hackers due to their weak security measures.

The identity and motives of the hacker responsible for the LetMeSpy breach remain unclear. When the spyware maker was contacted for comment, the hacker responded, claiming to have gained wide access to the company’s domain. They also indicated that they had deleted LetMeSpy’s databases. However, a copy of the hacked database surfaced online shortly after the incident.

A leaked copy of the hacked LetMeSpy data revealed alarming details. The database contained records of at least 13,000 compromised devices, with call logs and text messages spanning several years. The victims of this breach primarily reside in the United States, India, and Western Africa, as indicated by the location data points stored in the database.

Additionally, the leaked data included LetMeSpy’s master database, which contained information about 26,000 customers. This database revealed the identities of customers who used the spyware for free and the email addresses of those who purchased subscriptions.

Following the breach, LetMeSpy claimed to have notified law enforcement and the Polish data protection authority, UODO. However, it is unclear whether the company has the ability to notify the victims directly, considering the lack of identifiable information in the leaked data. This poses a challenge as notifying victims could potentially alert the perpetrators, risking the safety of the victims.

Given the prevalence of spyware and phone monitoring apps, it is crucial to take proactive measures to protect yourself. Here are some steps you can take:

  1. Regularly Check for Suspicious Apps: Review your device for any unfamiliar or suspicious apps, including those disguised as important system apps. LetMeSpy, for instance, is known as “LMS” and has a distinctive icon.
  2. Remove Android Spyware: If you suspect that your device may be compromised, follow a guide to remove Android spyware. However, exercise caution to ensure your safety and privacy.
  3. Enable Google Play Protect: Switch on Google Play Protect, a safeguard that defends against malicious Android apps. You can find this option in the settings menu of Google Play.

First reported on TechCrunch

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Brad Anderson
Former editor

Brad is the former editor who oversaw contributed content at ReadWrite.com. He previously worked as an editor at PayPal and Crunchbase.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.