Share this article on:
A cyber attack on spyware app pcTattletale has killed the business, according to the company’s founder.
The company, which advertises itself as an employee and child monitoring service, is a consumer-grade spyware or “stalkerware” app that allows users to monitor other devices by seeing screenshots of victim Android or Windows devices. Programs like pcTattletale can and have been used for nefarious purposes, such as monitoring victim devices to collect data or snooping on spouses without consent.
Just days ago, the company’s website was defaced by a hacker, who published links containing data exfiltrated from pcTattletale’s servers. Data included customer data and data stolen from victims of the program. According to Have I Been Pwned via TechCrunch, the program had 138,000 customers.
Additionally, the hacker said the program’s servers could be fooled into handing over Amazon Web Services private keys. With this, the hacker was able to access the Amazon S3 storage used by pcTattletale and the 300 million screenshots stored on it.
The hacker did not disclose the reasoning for the attack.
Speaking with TechCrunch, company founder Bryan Fleming said that he is now unable to access the Amazon Web Services account.
“I deleted everything because the data breach could have exposed my customers,” he said.
“The account is closed; the servers are deleted.”
Fleming did not explain why the data was deleted without customers first being notified, and he added that he did not keep a copy of the data. TechCrunch said he then stopped responding to inquiries.
PcTattletale had been at risk for some time, with a security researcher releasing a report not long before the breach outlining a vulnerability in which targeted devices could leak screenshots. However, the hacker did not exploit this vulnerability.
The pcTattletale website was taken offline 20 hours after the breach. It is still inaccessible at the time of writing.