Tuesday, March 19, 2024

Spyware Company Got Hacked – Attackers Stole Login Credentials, Audio Recordings, Pictures, and Text Messages

Spyware Company TheTruthSpy got hacked and the hacker has stolen login credentials, pictures, pictures, audio recordings, text messages, location information, and social media chats.

TheTruthSpy is a mobile spy phone software for iOS and Android, advertised as the best way to track someone’s iPhone/iPad and Android phones.

A hacker with initials L.M. told Motherboard that he gained access to the TheTruthSpy servers on February that has more than more than 10,000 customer accounts. He claimed that “I [have] admin access to the servers.” and “I control victims all over the world.”

Motherboard verified the breach with the sample of login credentials shared by the hacker and the data found authentic.

Access to TheTruthSpy Servers

He gained access to the TheTruthSpy Servers by reversing engineering the android app and exploiting a vulnerability in it. Inside the media server, L.M. said he saw the unique IDs of all customers within audio files, which were named “cell phone ID_date_time.”

The vulnerability resides in how the user credentials are requested, TheTruthSpy app requests the user credentials by sending the ID to the company servers by using a web request that returns the login credentials in plaintext.

L.M. said Motherboard by using an automated script he harvested all the customers’ credentials. he also warned that most of the customers reuse the credentials with their mail, PayPal or Amazon accounts.

Recently another spyware company Spyfone exposed terabytes of data that includes audio recordings, text messages, photos and web history from an unsecured Amazon S3 bucket.

Also Read

T-Mobile Hacked – Attackers Stolen 2 Million Customers Sensitive Data

New Form of Mirai Malware Attacking Cross Platform By leveraging Open-Source Project

37,000 Eir Customer’s Personal Data Exposed as their Company Laptop Stolen

Website

Latest articles

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins,...

ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data

A new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits.Aiohttp...

Hackers Launching AI-Powered Cyber Attacks to Steal Billions

INTERPOL's latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled...

Fujitsu Hacked – Attackers Infected The Company Computers with Malware

Fujitsu Limited announced the discovery of malware on several of its operational computers, raising...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles