A hacker broke into the servers of TheTruthSpy, one of the most recognized stalkerware companies
A company that sells spyware and directs its advertising specifically to domestic abusers has been hacked, according to cyber security specialists from the International Institute of Cyber Security.
The hacker, who calls himself L.M., told a digital media outlet that he gained access to the servers of TheTruthSpy, a company that sells an Android and iOS spy app (known as stalkerware). The hacker was able to steal logins and passwords, images, audio recordings intercepted from victims’ phones, text messages, location information and social network chats, among other data.
“I have control over victims all around the world”, the hacker said a few months ago, when it was revealed that he had compromised the company’s information.
L.M. shared with the media outlet a sample of usernames and logins of TheTruthSpy clients. Cyber security experts were able to verify that about half of them were active TheTruthSpy accounts by trying to use the respective email addresses to create a new account. In many cases this was not possible, because the website reported that the user already existed. “They care about how to spy, but don’t care about how to secure their users and victims’ privacy”, mentioned the hacker. L.M. also mentioned that he recently lost access to the site when TheTruthSpy updated its servers.
L.M. said he was able to hack into the company’s media server after reverse-engineering the Android app and finding a serious vulnerability. The hacker warned that many of TheTruthSpy’s customers used the same passwords for their email, PayPal or Amazon accounts, mentioning that he entered those accounts but did not steal money.
This is the seventh company selling spyware to ordinary users to be hacked over the last two years. Many hackers have focused their attacks on the fragile consumer spyware industry, exposing its mediocre cyber security and questionable ethics. TheTruthSpy has often been used as an example of a questionable actor in the industry. The company’s blog advertises its products as a solution for “spying on a cheater husband”, mentioning that the software is “undetectable” and “silent”.
“Although there are several companies that sell programs to spy on their lower-quality partners in the market, there are some genuine products worth considering. One of my favorite programs to spy on my partner is TheTruthSpy, known for its quality and novel features”, reads a post on the company’s blog.
The founder of StealthGenie, another company that sold software for domestic abusers, was arrested and charged in 2014. In the United States, selling spyware to parents or employers is not considered illegal, but if a company sells its product to adults for use on other adults, that is considered a crime.
Cyber security specialists mention that unauthorized access to this information could be very dangerous; a hacker can know everything about anybody and also know the identity of the domestic abuser, which makes them easy victims of online extortion and other cybercrimes.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.