Spyware provider LetMeSpy has suffered a data leak, compromising the data of both customers and victims, including intercepted messages and conversation history. The company offers an Android app that enables users to collect various information from the phone on which the spyware is installed. In a message on their website, LetMeSpy acknowledged a security incident on June 21st.
Accessed Data and Impact
During the attack, the perpetrators accessed victims’ email addresses, phone numbers, and the contents of intercepted messages. LetMeSpy can intercept SMS messages and collect victims’ conversation history, providing users with details about the dates and individuals with whom the victims communicated. As a result of the incident, users cannot access their accounts. Access will only be restored once the vulnerability exploited by the attackers has been fixed, according to the statement by the spyware provider. The specific security vulnerability responsible for the breach has not been disclosed.
Extended Scope of the Data Leak
Security researcher Maia Arson Crimew, who is investigating stalker ware, received a link to the stolen data. The data leak appears to be more extensive than what the spyware provider initially revealed. In addition to conversation history and messages, leaked data includes location information, IP addresses, payment details, user IDs, and password hashes. The spyware is estimated to have been installed on approximately ten thousand phones.
Note: This information is based on the available reports and statements regarding the LetMeSpy data leak. Further updates or official disclosures may emerge over time.