The server of the consumer spyware 'pcTattletale,' which is said to have vulnerabilities, was hacked and internal data was leaked

The American consumer spyware app 'pcTattletale' was hacked and its internal data was made public on its official website. pcTattletale had a vulnerability that was exploited to leak personal information of hotel guests onto the Internet.

Spyware app pcTattletale was hacked and its website defaced | TechCrunch

https://techcrunch.com/2024/05/25/spyware-app-pctattletale-was-hacked-and-its-website-defaced/

pcTattletale is a spyware that can track devices without the owner's knowledge or consent. Although it is sold to general consumers, it is also called a 'stalker app' due to its high tracking capabilities. pcTattletale is available for Android and Windows, and the person who installed the app can remotely view the data of the device at any time.

In May 2024, it was discovered that pcTattletale had been installed in the check-in computer at a Wyndham Destinations hotel. pcTattletale was taking screenshots of the check-in computer, and it was also revealed that someone had exploited a vulnerability in pcTattletale to leak screenshots of guests' personal information onto the Internet.

Spyware found on hotel check-in computer, guest information screenshotted and leaked onto the Internet - GIGAZINE

pcTattletale was hacked, and a message from the hacker was displayed on the official website. The hacker posted a message on pcTattletale's official website on May 24, 2024 local time, claiming to have hacked pcTattletale's server. The official website of pcTattletale contained links to files that appeared to have been obtained from the server, and also contained what appeared to be personal information of hotel guests that had been leaked due to a vulnerability in pcTattletale. TechCrunch, a technology media outlet that reported that the official website of pcTattletale had been hacked, stated, 'Out of consideration for those whose personal information was leaked, we are not publishing the URL that was posted on the official website of pcTattletale.'

TechCrunch has reached out to pcTattletale founder Brian Fleming for comment, but has not received a response at the time of writing. However, TechCrunch said, 'Because pcTattletale is no longer running, it's unclear whether Fleming would be able to receive emails in the first place.'

The hacker who hacked pcTattletale has not revealed the specific motive behind the hack. However, TechCrunch highlights that the hack took place several days after the vulnerability in pcTattletale was reported. Eric Daigle, the security researcher who reported the vulnerability in pcTattletale, made the vulnerability public without revealing any details because pcTattletale has ignored requests to fix the vulnerability.

The hackers who compromised pcTattletale did not exploit the vulnerability Daigle discovered, but they claim they were able to trick the pcTattletale server into handing over the private key to an Amazon Web Services account that would allow access to the spyware's operations.

According to TechCrunch statistics, there have been many hacks targeting spyware makers in recent years, with 12 confirmed cases recorded. There have been several cases, such as this one, where the victim's personal information was leaked. Spyware makers that have been hacked in the past include KidsGuard, Xnspy, Support King, and Spyhide.