Consumer-grade spyware app pcTattletale has been discovered running on the check-in systems of three Wyndham hotels in the US. This app, which is marketed as a way to monitor employees and track people without their knowledge or consent, was found to be capturing screenshots of the hotel booking systems, exposing guest details and customer information. The spyware had a security flaw that allowed anyone on the internet to access these screenshots, not just the intended users of the app. This is not the first time pcTattletale has exposed screenshots, as several other spyware apps in recent years have had security bugs or misconfigurations that exposed personal data. The screenshots from the Wyndham hotels showed guest names, reservation details, and partial payment card numbers. It is unclear who planted the app or how it was installed on the hotel systems. Wyndham, a franchise organization, did not confirm if it was aware of pcTattletale’s use on its hotels’ computers or if it approved of its use. Booking.com, whose administration portal was also accessed by the spyware, confirmed that its systems were not compromised but said that hotel systems are often targeted by cybercriminals to gain access to accounts. There is a long history of stalkerware apps like pcTattletale that market themselves for legitimate uses but also promote their use for unlawful purposes. pcTattletale develops spyware apps for Android and Windows, requiring physical access to a target’s device for installation. The company also offers a service called “We Do It For You” to install the spyware on behalf of customers. pcTattletale’s founder, Bryan Fleming, did not respond to requests for comment.
