- LetMeSpy, a commercial spyware service, shuts down following massive data breach.
- A hacker gained access to its user email addresses, phone numbers, and text messages.
- The breach exposed extensive call logs, text messages, and over 13,000 location data points, impacting victims primarily in the US, India, and Western Africa.
- The hacker also accessed LetMeSpy’s master database, revealing data on 26,000 customers who used the app, including paying subscribers.
- LetMeSpy’s website was commandeered by the hacker, leaving users in turmoil as the company struggled to cope with the aftermath of the breach.
LetMeSpy, a commercial spyware service catering to Android users, is forced to shut down operations after suffering a crippling data breach. The breach, which occurred on June 21, 2023, saw a cybersecurity researcher infiltrate the company’s servers and access sensitive user information, leaving behind a trail of devastation for thousands of victims.
LetMeSpy made the grim announcement via its website, notifying users that it will cease all services by August 31, 2023. The notice explained that access to user accounts was blocked as a security measure after the data breach. Consequently, LetMeSpy’s service was disabled, and users were unable to log in or create new accounts on the platform.
The extent of the breach, which was originally revealed by a Polish site, became evident as LetMeSpy revealed that unauthorized individuals had gained access to email addresses, phone numbers, and message content from user accounts.
The hacker’s haul of data was extensive, affecting at least 13,000 devices and spanning back to 2013. Shockingly, years of call logs and text messages were exposed, severely compromising victims’ privacy and security.
Moreover, the hacker obtained over 13,000 location data points, primarily from users in the United States, India, and Western Africa. This massive data leak has raised serious concerns about the safety and well-being of those affected.
In addition to compromising individual user data, the hacker managed to access the app’s master database. This database contained records of approximately 26,000 customers, including those who utilized the app for free and paid subscribers. The breach also exposed the email addresses of paying customers, further exacerbating the magnitude of the incident.
Following the breach, LetMeSpy’s website fell under the control of the hacker, adding another layer of chaos and confusion for users seeking answers and recourse.
To address the situation, LetMeSpy has instructed users who wish to access their data to reach out to the company by September 30, 2023, using the provided email address on the website. However, this grace period is subject to the retention period mandated by applicable laws, after which all stored data in user accounts will be deleted.
The LetMeSpy data breach stands as a sombre lesson for the entire tech industry, highlighting the critical importance of prioritizing user data protection and ensuring that such devastating breaches never occur again.