LetMeSpy, an Android-based phone tracking tool, has revealed a security flaw that made it possible for an unauthorized person to collect private information related to thousands of Android users.
LetMeSpy stated in a statement on its website that the incident happened on June 21, 2023. “As a result of the attack, the criminals gained access to email addresses, telephone numbers, and the content of messages collected on accounts,” the company noted.
LetMeSpy said it alerted law enforcement and data protection authorities as soon as the incident was discovered. Additionally, it is taking steps to pause any activities relating to accounts until further notice. The threat actor’s identity and motivations are presently unclear.
LetMeSpy, created by a Polish business called Radeal, costs $6 for Standard and $12 for Pro monthly subscriptions and enables users to spy on others by simply installing the program on their devices. It is advertised as a tool for employee or parental control, according to a screenshot from December 2013 on the Internet Archive.
LetMeSpy offers a variety of services that can be accessible through the internet to gather call records, SMS messages, and geolocations. The symbol for the app can be concealed from the device’s home screen launcher in an effort to avoid discovery and removal.
The stalkerware software has been used to follow 236,322 phones as of January 2023, gathering more than 63.5 million texts, 39.7 million call records, and 43.2 million locations from those devices.
About 26,000 email addresses, 16,000 SMS messages, and a database of victims’ whereabouts, according to the Polish security research site Niebezpiecznik, which broke the news of the incident and examined a dump of the stolen data.
TechCrunch’s analysis of the stolen data has shown that it dates all the way back to 2013, when LetMeSpy first started taking orders. Data from at least 13,000 infected devices is also included in the documents. The U.S., India, and several regions of Africa are home to the vast majority of the casualties.