"Sensitive Information Stolen in LetMeSpy Stalkerware Hack"

Radeal, the Polish developer of Android stalkerware "LetMeSpy," is informing users that their personal information and collected data was stolen due to a cyberattack.  LetMeSpy is a free application that collects information from the phones it has been installed on, including call logs, text messages, and device location.  The phone monitoring application is marketed as offering parental control and employee monitoring capabilities, but it essentially allows users to spy on others after installing the software on their devices, likely without their knowledge.  Once up and running on a device, LetMeSpy hides its icon from the phone's home screen to prevent detection and removal.  The application uploads the collected information to remote servers, where the user who installed it can access it, essentially tracking a person in real time.  Radeal stated that it fell victim to a cyberattack that resulted in unauthorized access to the data of website users.  As a result of the attack, the criminals gained access to email addresses, telephone numbers, and the content of messages collected on accounts.  The application developer suspended all account-related functions of the website, promising to restore them after mitigating the attack.  Law enforcement was also informed about the incident.  According to security researcher Maia Arson Crimew, who received a copy of the allegedly stolen data, the attackers got their hands on call logs, messages, user IDs, email addresses, password hashes, geolocation logs, IP addresses, payment logs, and phone information.

SecurityWeek reports: "Sensitive Information Stolen in LetMeSpy Stalkerware Hack"