Phone Monitoring App LetMeSpy Suffers Data Breach

Kamso Oguejiofor-Abugu Kamso Oguejiofor-Abugu Writer

LetMeSpy, a widely used phone monitoring app, recently disclosed a significant security breach in which a hacker gained unauthorized access to user data. The app, often utilized for parental control or employee monitoring, allows individuals to remotely track Android devices, accessing text messages, call logs, and location data.

According to LetMeSpy’s breach notice, the security incident occurred on June 21, 2023, and resulted in the compromise of user email addresses, telephone numbers, and message content. A copy of the hacked database was leaked online the very day the breach occurred. Following the breach, the company promptly disabled its service and intends to restore functionality once the exploited vulnerability is patched.

Approximately 13,000 devices were identified in the leaked database, but not all shared substantial data with LetMeSpy. The compromised data also contained over 13,400 location data points for several thousand victims, primarily concentrated in the United States, India, and Western Africa. Additionally, the database contained information about LetMeSpy’s customers, including details on 26,000 free users and email addresses of paying subscribers.

LetMeSpy promptly notified law enforcement authorities and the Polish data protection authority, UODO, about the breach. However, it remains unclear if the company will directly notify victims whose phones were compromised.

Although spyware makers typically conceal the real-world identities of their developers, LetMeSpy’s leaked database indicated that the app is built and maintained by a Polish developer named Rafal Lidwin, who is yet to provide any comments about the security breach.

The incident underscores the risks associated with surveillance apps, often referred to as stalkerware or spouseware, which are known for their invasive access to personal data and rudimentary security flaws. LetMeSpy’s breach highlights the need for robust data protection measures and stricter regulations regarding the development and use of such monitoring apps. Users are advised to exercise caution when receiving suspicious messages and to stay vigilant about their digital privacy.

About the Author

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.

Leave a Comment