pcTattletale, a company known for its remote surveillance software often labeled as “stalkerware,” has ceased operations following a significant data breach. The breach not only compromised the company’s website but also led to the leak of extensive customer data and victims’ information.
Over the weekend, a hacker defaced the pcTattletale website and released links to large datasets from the company’s servers. These datasets included customer databases and numerous screenshots from the devices on which the spyware was installed. pcTattletale’s founder, Bryan Fleming, announced that the company is “out of business and completely done,” citing the extensive breach and subsequent exposure of sensitive data.
Nature of the Spyware
pcTattletale marketed itself as a tool for monitoring employees but also promoted uses that included spying on spouses or domestic partners without their consent—a practice that is illegal. The software enabled users to remotely view screenshots of the victims’ Android or Windows devices, collecting vast amounts of private data without the victims’ knowledge.
Impact of the Breach
According to reports, more than 300 million screenshots from victims’ devices were stored on pcTattletale’s Amazon S3 storage servers, dating back several years. These screenshots became publicly accessible following the breach, raising serious privacy concerns. The breach notification site, Have I Been Pwned, indicates that 138,000 customers had signed up for the service, all of whom are potentially affected by this exposure.
![pcTattletale screenshot](https://i0.wp.com/nosisnews.com/wp-content/uploads/2024/05/image-116.png?resize=1024%2C576&ssl=1)
![pcTattletale screenshot](https://i0.wp.com/nosisnews.com/wp-content/uploads/2024/05/image-116.png?resize=1024%2C576&ssl=1)
Following the breach, Fleming took steps to mitigate the damage by deleting the company’s Amazon Web Services account and the data it contained. However, this action has led to further issues, including an “AllAccessDisabled” error from Amazon, indicating that the account has been blocked completely. Fleming has stated that he did not retain a copy of the data and did not provide a clear rationale for deleting the data without notifying those affected.
The situation with pcTattletale is reflective of broader concerns with spyware or stalkerware applications, which are often prone to security vulnerabilities. Such applications have faced scrutiny and legal actions, including shutdowns by federal regulators like the Federal Trade Commission (FTC), although the FTC has not commented specifically on pcTattletale.
This incident is not isolated within the spyware industry. Other spyware makers, such as the Polish-developed LetMeSpy and the apps PhoneSpector and Highster, have previously shut down following breaches and regulatory investigations, highlighting the ongoing risks and challenges within this controversial industry sector.