{"id":22660,"date":"2023-08-08T16:10:41","date_gmt":"2023-08-09T00:10:41","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/08\/08\/news-16390\/"},"modified":"2023-08-08T16:10:41","modified_gmt":"2023-08-09T00:10:41","slug":"news-16390","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/08\/08\/news-16390\/","title":{"rendered":"Server breach could be fatal blow for LetMeSpy"},"content":{"rendered":"<p>A mobile app designed to let people spy on others will <a href=\"https:\/\/techcrunch.com\/2023\/08\/05\/letmespy-spyware-shuts-down-wiped-server\/\" target=\"_blank\">shortly be going out of business<\/a> after a server breach and mass deletion incident. The app, LetMeSpy, sits silently and invisibly on a phone and <a href=\"https:\/\/techcrunch.com\/2023\/06\/27\/letmespy-hacked-spyware-thousands\/\" target=\"_blank\">collects call logs, location data, and even text messages<\/a>.<\/p>\n<p>This kind of program is commonly referred to as stalkerware. As the name suggests, people aren&rsquo;t doing anything good with this kind of software. You&rsquo;ll most commonly see it on Android devices, put there by someone with temporary physical access. Depending on the program, it may access phone records, texts, photos, camera, microphone, GPS&hellip;you name it, it can possibly do it.<\/p>\n<p>The device owner will have no idea that this is going on, because these programs come with no app icon and stay hidden.<\/p>\n<p>A domestic abuser or someone up to no good generally installs the app on the phone without the victim&rsquo;s consent or knowledge. Once done, it can be used to keep track of the person for as long as it remains on the device.<\/p>\n<p>In this case, LetMeSpy first made notification of the breach in June, with the following message:<\/p>\n<blockquote>\n<p>On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users.<\/p>\n<\/blockquote>\n<p>As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts. For 100% clarity: Everything collected from mobile devices where the owner wouldn&rsquo;t have been aware LeMeSpy was present in the first place.<\/p>\n<p>Given that someone with this app on their phone could potentially be in a perilous position to begin with, it&rsquo;s even worse that such an individual would have their data stolen in this way. Polish site <a href=\"https:\/\/niebezpiecznik.pl\" target=\"_blank\">Niebezpiecznik<\/a>, which first reported the breach, said that the database dumped online contained:<\/p>\n<ul>\n<li>26,000+ email addresses of the tool&#8217;s &#8220;operators&#8221; along with hashes of their passwords.<\/li>\n<li>16,000+ text messages, including passwords and codes for various services.<\/li>\n<li>Telephone numbers of people who had contacted the tracked phones.<\/li>\n<li>Telephone numbers of the people whom the tracked phone owner had called (along with the names associated with them in the contacts list).<\/li>\n<li>A database dump in SQL format, containing more data, including locations.<\/li>\n<\/ul>\n<p>A terrible situation, needlessly caused by an app most folks wouldn&rsquo;t want on their devices.<\/p>\n<p>Well, it seems the breach was a step too far for LetMeSpy too. So much data was deleted that new users are now blocked from creating an account. A permanent shutdown will take place in August. TechCrunch notes that the app is no longer available for download, and currently installed versions seem to be completely dead, as per a network traffic analysis.<\/p>\n<p>A nonprofit transparency collective called DDoSecrets told TechCrunch that the app had been used to steal data from more than 13,000 compromised devices &ldquo;until recently&rdquo;. This is quite a bit lower than the 236k devices the LetMeSpy website claimed to be residing on.<\/p>\n<p>We recently covered the LetMeSpy hack on our <a href=\"https:\/\/www.malwarebytes.com\/blog\/podcast\/2023\/07\/spy-vs-spy-exploring-the-letmespy-hack-with-maia-arson-crimew\">Lock and Code podcast<\/a>, asking (among other things) if there&rsquo;s ever a situation where a hack like this could be considered &ldquo;good&rdquo;.<\/p>\n<p><strong>How to prevent spyware and stalkerware-type apps<\/strong><\/p>\n<ul>\n<li>Set a screen lock on your phone and don&#8217;t let anyone else access it<\/li>\n<li>Keep your phone up-to-date. Make sure you&#8217;re always on the latest version of your phone&#8217;s software.<\/li>\n<li>Use an antivirus on your phone. <a href=\"https:\/\/www.malwarebytes.com\/android\">Malwarebytes for Android<\/a> shows you exactly what information you&#8217;re sharing with each app on Android, so you can keep an eye on your privacy. Malwarebytes detects the LetMeSpy app as Android\/Monitor.LetMeSpy.<\/li>\n<\/ul>\n<p><strong>Coalition Against Stalkerware<\/strong><\/p>\n<p>Malwarebytes is a founding member of the <a href=\"https:\/\/stopstalkerware.org\" target=\"_blank\">Coalition Against Stalkerware<\/a>. We continue to share intelligence with the Coalition Against Stalkerware to improve industry-wide detections while also guiding the domestic abuse support networks within the coalition through thorny, technical questions of detection, removal, and prevention.<\/p>\n<hr \/>\n<p><strong>We don&rsquo;t just report on Android security&mdash;we provide it<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/android\">downloading Malwarebytes for Android today<\/a>.<\/p>\n<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/08\/server-breach-and-data-deletion-forces-letmespy-out-of-business\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/personal\" rel=\"category tag\">Personal<\/a><\/p>\n<p>Tags: letmespy<\/p>\n<p>Tags:  stalkerware<\/p>\n<p>Tags:  spy<\/p>\n<p>Tags:  snoop<\/p>\n<p>Tags:  install<\/p>\n<p>Tags:  data<\/p>\n<p>Tags:  breach<\/p>\n<p>Tags:  hacked<\/p>\n<p>We take a look at reports of an app called LetMeSpy facing an imminent shutdown after a server breach and data deletion incident.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/08\/server-breach-and-data-deletion-forces-letmespy-out-of-business\" title=\"Server breach could be fatal blow for LetMeSpy\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/08\/server-breach-and-data-deletion-forces-letmespy-out-of-business\">Server breach could be fatal blow for LetMeSpy<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11510,6270,15234,19421,29929,26699,29930,15000,19409],"class_list":["post-22660","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-breach","tag-data","tag-hacked","tag-install","tag-letmespy","tag-personal","tag-snoop","tag-spy","tag-stalkerware"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22660"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22660\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22660"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}