Spyware app pcTattletale has announced its closure and cessation of operations following a recent data breach. The breach resulted in the hacker defacing the company’s website and publishing large amounts of data from pcTattletale’s servers, including customer databases and stolen victim data. pcTattletale was a remote surveillance app that allowed users to track individuals without their knowledge, earning it the nickname “stalkerware.” The app was advertised as a tool for monitoring employees but also openly promoted its ability to spy on spouses and domestic partners illegally.
The data breach exposed the private keys for pcTattletale’s Amazon Web Services account, where the company stored hundreds of millions of screenshots from devices that had the spyware installed. The hacker claimed on the defaced website that they could trick the servers into turning over these private keys. Following the breach, pcTattletale founder Bryan Fleming stated that he no longer has access to the company’s Amazon Web Services account and has deleted all data to prevent any further exposure of customer information.
Analysis of the exposed data revealed that pcTattletale stored over 300 million screenshots from victims’ devices dating back several years. Some of these screenshots were found to be publicly accessible online. It appears that Amazon may have taken action against pcTattletale, as the Amazon S3 storage server used by the company now shows an “AllAccessDisabled” error code, blocking all access to the account. However, neither Fleming nor an AWS spokesperson confirmed whether AWS had shut down the server.
pcTattletale’s handling of the data breach raises concerns. Fleming did not keep a copy of the data and did not notify those affected by the breach before deleting it. This lack of transparency is troubling, leaving customers unaware that their information was exposed. Spyware apps like pcTattletale are notorious for their security vulnerabilities and have faced regulatory action in the past for inadequate practices.
Similar breaches have led to the closure of other spyware makers. LetMeSpy shut down after its systems were hacked and customer data was deleted, while PhoneSpector and Highster shut down following an investigation by New York state authorities. The Federal Trade Commission (FTC) declined to comment on whether it is investigating pcTattletale specifically.
The closure of pcTattletale serves as a reminder of the risks associated with spyware apps and the need for robust security measures to protect user data. Customers should exercise caution when using surveillance apps and prioritize their privacy and security.