Thursday, March 28, 2024

Spyware Company Got Hacked – Attackers Stole Login Credentials, Audio Recordings, Pictures, and Text Messages

Spyware Company TheTruthSpy got hacked and the hacker has stolen login credentials, pictures, pictures, audio recordings, text messages, location information, and social media chats.

TheTruthSpy is a mobile spy phone software for iOS and Android, advertised as the best way to track someone’s iPhone/iPad and Android phones.

A hacker with initials L.M. told Motherboard that he gained access to the TheTruthSpy servers on February that has more than more than 10,000 customer accounts. He claimed that “I [have] admin access to the servers.” and “I control victims all over the world.”

Motherboard verified the breach with the sample of login credentials shared by the hacker and the data found authentic.

Access to TheTruthSpy Servers

He gained access to the TheTruthSpy Servers by reversing engineering the android app and exploiting a vulnerability in it. Inside the media server, L.M. said he saw the unique IDs of all customers within audio files, which were named “cell phone ID_date_time.”

The vulnerability resides in how the user credentials are requested, TheTruthSpy app requests the user credentials by sending the ID to the company servers by using a web request that returns the login credentials in plaintext.

L.M. said Motherboard by using an automated script he harvested all the customers’ credentials. he also warned that most of the customers reuse the credentials with their mail, PayPal or Amazon accounts.

Recently another spyware company Spyfone exposed terabytes of data that includes audio recordings, text messages, photos and web history from an unsecured Amazon S3 bucket.

Also Read

T-Mobile Hacked – Attackers Stolen 2 Million Customers Sensitive Data

New Form of Mirai Malware Attacking Cross Platform By leveraging Open-Source Project

37,000 Eir Customer’s Personal Data Exposed as their Company Laptop Stolen

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles