The first convicted spyware maker in more than a decade avoided prison after earlier pleading guilty to US federal charges related to the operation of his surveillance company.
Brian Fleming was sentenced Friday in federal court in San Diego to an assessment and fine of $5,000, a spokesman for the U.S. Attorney for the Southern District of California, whose office brought the charges against Fleming, confirmed.
During a hearing in January following a years-long federal investigation into his spyware company, pcTattletale, Fleming admitted to making, selling and advertising spyware for illegal uses.
Prosecutors had previously asked the judge not to give Fleming a prison sentence or a fine.
Fleming’s criminal conviction marks the first successful prosecution of a spyware maker by the US Department of Justice since 2014, potentially opening the door to future prosecutions of others with illegal surveillance operations.
Fleming’s attorney, Marcus Bourassa, did not respond to a request for comment when contacted by TechCrunch.
Investigators with Homeland Security Investigations (HSI), a unit of US Immigration and Customs Enforcement, filed charges against Fleming in 2025 as part of a broader investigation into the consumer-grade spyware industry. While many spyware operators operate their businesses from overseas, investigators told TechCrunch that Fleming attracted the attention of federal agents as he was selling and facilitating the use of spyware from the United States and was someone within the jurisdiction of US law enforcement.
Spyware apps like pcTattletale are referred to as “stalkerware,” as paying customers often install tracking software on someone else’s devices without their knowledge or consent, such as their spouse. Once planted, these apps secretly upload the contents of a victim’s device, including their real-time messages, photos, and location, and make the data visible to the person who installed the spyware.
According to an affidavit filed by federal investigators who sought to search his home, Fleming, in some cases, “knowingly assisted clients who wanted to spy on non-consenting adults.”
It’s not known how many people pcTattletale spied on, but a data breach in 2024 revealed some of the scale of the long-running operation.
According to a previous TechCrunch investigation, a security researcher discovered that pcTattletale had a security flaw that exposed millions of screenshots taken by the spyware from the victim’s device every few seconds to the open internet, allowing anyone to view the contents of other people’s computer screens. This included screenshots of check-in computers at several US hotels that had pcTattletale installed, which exposed details of hotel guests and reservations.
Fleming did not respond to the investigator or fix the security flaw.
A week after our report, Fleming shut down pcTattletale in 2024 following a high-profile hack, website defacement and data breach that revealed more than 138,000 customers had paid the company to help spy on countless victims.
The hacker told TechCrunch that they exploited a different security flaw, allowing access to all files stored on pcTattletale’s cloud data storage account, including those victims.
It’s unclear exactly how many people had their devices compromised by pcTattletale, and Fleming didn’t notify his customers or their victims about the data breach. pcTattletale’s founder told TechCrunch at the time that he “deleted everything” from his company’s servers after the breach.
pcTattletale is one of several stalkerware makers shut down or forced offline after a security breach, including LetMeSpy, Cocospy and Spyhide.
