US spyware vendor pcTattletale has shut down its operations following a serious data breach that exposed sensitive information about its customers, as well as data stolen from some of their victims.
pcTattletale was promoted as “employee and child monitoring software” designed to “protect your business and family.” Of course, what it actually was, was a way to surreptitiously spy upon other people’s phones and computers – secretly viewing everything they did.
The software bragged about being “100% Undetectable,” which leads to an interesting question. Why would pcTattletale need to be undetectable if it were used to monitor employees or children? Surely a parent or employer would only use the software with the permission and knowledge of their child or worker?
Of course, the reason is that stalkerware like pcTattletale can also be used for tracking the location and activities of people without their knowledge, remotely viewing screenshots and private information from anywhere in the world. It’s easy to imagine that many of those spied upon without consent will be spouses and domestic partners.
Regular readers of Hot for Security will know that it’s not unusual for stalkerware firms to suffer from weak security, spilling their databases of information about their customers as well as the victims who are spied upon. Last August, for instance, we reported on how the LetMeSpy stalkerware (on reflection, the clue was in the app’s name) had been hacked and went out of business.
The latest casualty amongst the creepy spouseware vendors is pcTattletale. A few days ago, we reported on how the website of pcTattletale had been defaced, and its database and source code leaked.
The first clue for most customers of pcTattletale was probably that the stalkerware’s homepage was altered.
Instead of the normal pcTattletale website trumpeting the abilities of its “employee and child monitoring” software…
…the site was defaced with a message from a hacker, linking to tens of gigabytes worth of files claiming to contain the company’s databases.
The leaked data included details of 138,751 customer accounts, including device information, email addresses, IP addresses, names, passwords, phone numbers, physical addresses, SMS messages, and usernames.
The pcTattletale website is now offline, and in a brief statement to TechCrunch, app founder Bryan Fleming said his company was “out of business and completely done.”
Regardless of the ethics of a stalkerware operation, there are obviously some lessons here that all businesses need to learn about the importance of proper cybersecurity, especially when handling such sensitive information.
But more than that, the wider public needs to understand that using stalkerware to spy on others without their permission is never acceptable. And if you do decide to digitally stalk somebody with an app like pcTattletale, you run the risk of your creepy behaviour becoming public knowledge when the service suffers a security breach.
If you want to learn more about the stalkerware menace, or are concerned that someone might be using spyware against you, I would recommend visiting the website of the Coalition Against Stalkerware.