Polish spyware maker closes doors after being hacked

Live by the sword, die by the sword

LetMeSpy had compromised thousands of Android phones worldwide

Image:
LetMeSpy had compromised thousands of Android phones worldwide

Poland-based spyware firm LetMeSpy has officially announced its closure, in the aftermath of a June data breach that wiped its servers and a "substantial amount" of data stolen from thousands of victims' phones.

In a notice on its website, the company says it will halt all operations by the end of August.

The notice also mentioned that the company is currently blocking users from logging in or creating new accounts.

"Due to the data security incident that took place on June 21, 2023, access to User Accounts has been blocked for security reasons. After this date, the LetMeSpy service was disabled, as well as the ability to log in to the User Account and register new Accounts on the website."

According to TechCrunch's network traffic analysis, LetMeSpy's app is now completely non-functional, and the website has removed the ability to download the app.

In another notice on LetMeSpy's inactive login page, the company acknowledged that the hacker responsible for breaching their spyware operation had also downloaded and deleted data from its servers.

"This data may include the email address indicated as a login to the service, as well as phone call logs, the content of SMS messages and location data regarding users of devices on which the LetMeSpy application is installed, as well as their contacts," the company noted.

Those who wish to access the data within their User Accounts should contact the company individually before 30th September.

The notice says that, after the retention period required by law has expired, the data stored on user accounts will be deleted.

LetMeSpy's Android phone monitoring app was designed to conceal itself on victims' device, making it challenging to detect and uninstall.

Once installed on a phone, spyware apps like LetMeSpy infiltrate their messages, call logs and real-time location data.

The full extent of LetMeSpy's espionage abilities came to light when DDoSecrets, a nonprofit transparency group specialising in indexing leaked datasets of public interest, obtained a copy of their database.

The data revealed that until recently, LetMeSpy had access to sensitive information from more than 13,000 compromised Android devices worldwide.

Subsequent investigation unveiled that the app was developed by a tech company named Radeal, based in Krakow.

LetMeSpy's closure represents the latest case of spyware operations being shut down as a result of security incidents.

Another notable example is Spytrac, which maintained a database containing over a million user records.

Operated by Support King, the FTC banned the company in 2021 due to its failure to protect stolen data from their former flagship spyware app, SpyFone - although it was back in all but name just a few months later.