American-made malware program for consumers’ computersAs per a hacker who took credit for the attack, Tattletale was breached and its internal data was leaked onto its own website.
The hacker claimed to have compromised the servers hosting pcTattletale’s activities in a statement that was posted on the website late on Friday. For a brief while, links to files from the spyware maker’s servers appeared on the website; these files looked to include some of the stolen data from victims. Given the continued risk to victims, whose private information has already been hijacked by the spyware, TechCrunch is not including a link to the website.
Bryan Fleming, the creator of pcTattletale, did not respond to an email seeking comment. The duration of Fleming’s company’s outage makes it unclear if he can receive email.
There was no explicit reason given by the hacker for the breach. The attack occurred a few days after a security researcher claimed to have discovered and reported a flaw in the spyware program that allows it to steal screenshots of the targets of its infestation. According to the researcher, Eric Daigle, pcTattletale rejected offers to address the vulnerability, which is why he refrained from disclosing specifics of the problem.
While not taking advantage of the flaw that Daigle discovered, the hacker who broke into and vandalized pcTattletale’s website claimed that the company’s servers could be coerced into handing over the private keys for its Amazon Web Services account, which allows access to the spyware’s functions.
The person who planted pcTattletale, a type of remote access app known as “stalkerware” due to its capacity to monitor individuals without their knowledge or authorization, can view the target’s Android or Windows device and its data remotely from any location in the globe. The program “runs invisibly in the background on their workstations and can not be detected,” according to pcTattletale. Because spyware programs are insidious by design, it can be challenging to recognize and eliminate them.
TechCrunch disclosed earlier this week that pcTattletale was used to breach the front desk check-in systems at many Wyndham hotels in the US, resulting in the disclosure of screenshots containing customer and guest information. Wyndham declined to comment on whether it approved or permitted the spyware app to be used on its networks by its franchised hotels.
This is the most recent instance of a spyware creator losing control over the extremely private and sensitive information it obtains from its targets’ devices. An continuing count by TechCrunch shows that more than a dozen spyware and stalkerware companies have been hacked in recent years, or have otherwise compromised the private information of their victims – often several times.
The list of compromised spyware creators includes TheTruthSpy, a phone spyware operation founded and run by Vietnamese developers, which was breached once more in February, and LetMeSpy, a spyware created by a Polish developer that shut down in June 2023 after its systems were compromised and its backend data erased.
Additionally compromised spyware producers include Spyhide, KidsGuard, Xnspy, Support King, and now pcTattletale.