Wednesday, April 17, 2024

Spyware Company Got Hacked – Attackers Stole Login Credentials, Audio Recordings, Pictures, and Text Messages

Spyware Company TheTruthSpy got hacked and the hacker has stolen login credentials, pictures, pictures, audio recordings, text messages, location information, and social media chats.

TheTruthSpy is a mobile spy phone software for iOS and Android, advertised as the best way to track someone’s iPhone/iPad and Android phones.

A hacker with initials L.M. told Motherboard that he gained access to the TheTruthSpy servers on February that has more than more than 10,000 customer accounts. He claimed that “I [have] admin access to the servers.” and “I control victims all over the world.”

Motherboard verified the breach with the sample of login credentials shared by the hacker and the data found authentic.

Access to TheTruthSpy Servers

He gained access to the TheTruthSpy Servers by reversing engineering the android app and exploiting a vulnerability in it. Inside the media server, L.M. said he saw the unique IDs of all customers within audio files, which were named “cell phone ID_date_time.”

The vulnerability resides in how the user credentials are requested, TheTruthSpy app requests the user credentials by sending the ID to the company servers by using a web request that returns the login credentials in plaintext.

L.M. said Motherboard by using an automated script he harvested all the customers’ credentials. he also warned that most of the customers reuse the credentials with their mail, PayPal or Amazon accounts.

Recently another spyware company Spyfone exposed terabytes of data that includes audio recordings, text messages, photos and web history from an unsecured Amazon S3 bucket.

Also Read

T-Mobile Hacked – Attackers Stolen 2 Million Customers Sensitive Data

New Form of Mirai Malware Attacking Cross Platform By leveraging Open-Source Project

37,000 Eir Customer’s Personal Data Exposed as their Company Laptop Stolen


Latest articles

LightSpy Hackers Target Indian Apple Device Users To Steal Sensitive Data

Hackers target Apple device users because they are perceived to be of higher social...

Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients

In today's digital landscape, email security has become a critical concern for businesses of...

Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy- Axios Security Group

In a digital age where information is the new currency, the recent global hack...

Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges

Ahmed exploited a vulnerability in a decentralized cryptocurrency exchange's smart contract by injecting fabricated...

Omni Hotels & Resorts Hack: Attackers have Stolen Customer Information

Omni Hotels & Resorts has revealed that it was the target of a recent...

Connect:fun Attacking Organizations Running Fortinet’s FortiClient EMS

A new exploit campaign has emerged, targeting organizations that utilize Fortinet’s FortiClient EMS.Dubbed...

TA558 Hackers Compromised 320+ Organizations’ FTP & SMTP Servers

TA558, a financially motivated threat actor identified in 2018, is targeting several countries but...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles