Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The phone monitoring app LetMeSpy disclosed a data breach

Android app LetMeSpy disclosed a security breach, sensitive data associated with thousands of Android users were exposed. The phone monitoring app LetMeSpy disclosed a security breach, threat actors have stolen sensitive data associated with thousands of Android users, including messages, locations, call logs, e-mail addresses, and telephone numbers. According to a notice published by the company, the […]

LetMeSpy

Android app LetMeSpy disclosed a security breach, sensitive data associated with thousands of Android users were exposed.

The phone monitoring app LetMeSpy disclosed a security breach, threat actors have stolen sensitive data associated with thousands of Android users, including messages, locations, call logs, e-mail addresses, and telephone numbers.

According to a notice published by the company, the security incident took place on June 21, 2023.

The LetMeSpy app is developed by the company Radeal and is sold as a parental control or employee monitoring application.

Customers can use the app by paying a monthly subscription of $6 for a standard license or $12 for a Pro license.

“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” reads a statement published by the company.

The company immediately launched an investigation into the incident and notified law enforcement and data protection watchdogs.

The news of the data breach was first reported by the Polish security research blog Niebezpiecznik, which also confirmed that the threat actors behind the attack claimed to have seized the domain associated with the spyware.

“It’s not clear who is behind the LetMeSpy hack or their motives. The hacker intimated that they deleted LetMeSpy’s databases stored on the server. A copy of the hacked database also appeared online later the same day.” reported TechCrunch. DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, obtained a copy of the hacked LetMeSpy data and shared it with TechCrunch. DDoSecrets said it was limiting the distribution of the data to journalists and researchers, given the amount of personally identifiable information in the cache.”

According to TechCrunch, the leaked data exposed in the attack are dating back to 2013 and include data related to at least 13,000 compromised devices

Most of the victims, whose data is in the database, are located in the U.S., India, and Africa.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)