The founder of spyware app pcTattletale said his company is “down and done” after a data breach over the weekend.
The shutdown comes days after a hacker breached the spyware maker’s website and posted links to large amounts of data from pcTattletale’s servers, including databases of customer information and some stolen victim data.
pcTattletale was a remote surveillance app — often known as “stalkerware” for its ability to track people without their knowledge — that allowed the person who installed the app to remotely view screenshots of the victim’s Android or Windows device and private data from anywhere in the world. pcTattletale advertised its spyware application as a way to monitor employees, but it also openly promoted its ability to spy on spouses and domestic partners without their consent, which is illegal.
The now-defunct app had 138,000 customers signed up to use the service, according to the data breach notification site Have I Been Pwned.
On the defaced website, the hacker said pcTattletale’s servers could be tricked into handing over the private keys for its Amazon Web Services account, which the spyware maker used to store hundreds of millions of screenshots of the devices on which the spyware was installed.
The pcTattletale website remains offline at the time of writing.
pcTattletale founder Bryan Fleming told TechCrunch in a text message on Tuesday that he no longer has access to the company’s Amazon Web Services account.
“I deleted everything because the data breach could have exposed my customers,” Fleming said.
“The account is closed [and] the servers are being wiped,” Fleming said.
One analysis of the exposed data shows that pcTattletale stored more than 300 million screenshots of victims’ devices, dating back years, on its Amazon S3 storage server. TechCrunch independently confirmed that there were publicly accessible screenshots from devices monitored by pcTattletale online.
It appears that Amazon may have taken action against the spyware maker. The Amazon S3 storage server that pcTattletale used to save device screenshots now reads “AllAccessDisabled,” an error code Amazon uses to block all access to a customer’s account, including by the customer, whose only recourse is to contact Amazon “for further assistance.” However, Fleming would not answer the question of whether AWS had shut it down, and AWS spokesman Grant Milne would not say either.
Fleming said he did not keep a copy of the data and did not explain why the company deleted the data without first notifying those whose information was exposed in the data breach. He stopped answering our questions.
pcTattletale’s situation is not unique: spyware applications are notoriously buggy and have been known to leak data. Federal regulators have previously banned stalkerware makers from the surveillance industry for poor security practices.
When asked about pcTattletale, FTC spokeswoman Juliana Gruenwald Henderson said the agency does not comment on whether it is investigating a specific matter.
Other spyware makers have been shut down after similar breaches. Polish-developed spyware LetMeSpy was shut down in June 2023 after its systems were hacked and customer data was deleted, and spyware apps PhoneSpector and Highster were shut down following a New York state investigation.