LetMeSpy Breach – When the Spies Become Spied On

Android devices have all kinds of activity monitoring software that allows them to keep track of other individuals without their knowledge or consent. One of the most popular apps of the sort out there is none other than LetMeSpy – an Android app that tracks Calls, SMS, and GPS locations of the device it’s installed on.

This particular application gathers crucial information, and unfortunately, a breach occurred, exposing all that to the open. Yes, an unauthorized third party stole sensitive data belonging to thousands of Android users.

The phone monitoring app LetMeSpy disclosed the breach and stated that it occurred on June 21st, 2023. What data is at risk? How many users are affected? Find out below.

LetMeSpy Lets them Spy

Data breaches saw new heights in 2023, as cybercriminals have been targeting big companies all over the world, exposing millions of individuals in the process.

Most incidents occur when vulnerabilities are in place, which we’ve recently seen numerous times among major companies/manufacturers, including tech giants like Apple.

LetMeSpy became widely popular due to its spying capabilities and the fact that it stays hidden on a phone’s home screen, which makes it difficult to detect and remove.

These types of applications (stalkerware or spouseware) are often planted by spouses, domestic partners, or employers to keep track of a certain person and spy on their activities. Well, now, whatever they were spying on belongs to threat actors.

As we mentioned, most breaches happen due to a certain vulnerability, and LetMeSpy’s case is no different. Yes, as with most surveillance applications, LetMeSpy does contain bugs and security mistakes.

Threat actors know that, and they prey on it regularly. Unfortunately, a LetMeSpy breach can pose a bigger threat than with other apps.

This particular stalkerware harnessed has tracked over 236,322 phones across the world.

In fact, reports state that the app has siphoned over 63.5 million text messages, 39.7 million call logs, and 43.2 million locations.

In this incident, the Polish security research blog Niebezpiecznik reported that cybercriminals were able to harvest over 26,000 email addresses, 16,000 SMS messages, and a database of victims’ locations.

LetMeSpy did address the issue. In a statement, the service mentioned the following:

“As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts.”

The statement also mentions that a vulnerability did indeed exist. However, LetMeSpy fixed the issue, so there’s nothing to worry about anymore.

Another Breach – A Spying App with a Flaw

Since the breach includes email addresses, users should take proper precautions. The threat actors might use this data to perform future attacks.

Those include phishing attacks, which can cause devastating damage to the users. We highly recommend you stay vigilant when it comes to emails.

If any of these include a link, avoid clicking it. You can access a page by manually going there. In the end, it’s your privacy that’s at risk.