Spyware App LetMeSpy Shutting Down After Hacker Breach

Mornin’ miners⛏️,

Happy Thursday!

Welcome to "Digger Insights" - your daily 5-minute enlightenment on recent tech updates! In our enjoyable and easily digestible dispatches, we break down the latest tech trends, giving you a quick and comprehensive view.

Join us, and in just a few minutes each day, you'll gain an advantageous perspective on the ever-evolving tech landscape. Ready to dive in?

Let’s get to it!

Today’s Highlights:

• 🖥️Spyware App LetMeSpy Shutting Down After Hacker Breach🕵️

• 💸Cybersecurity Startup Protect AI Raises $35M💰

LetMeSpy's Spying Has Backfired with Hackers Infiltrating Database

The ethics of planting phone monitoring apps, also often referred to as spyware, stalkerware, or spouseware, on a person’s phone has, for a long time, been argued. These types of apps access a person’s phone on a deep level, most of them tracking call logs, messages, emails, etc., and are sometimes done without consent.

The most recent public study on spyware in America, conducted in 2020 by Norton LifeLock and Harris Poll, shows that these apps, though often marketed as theft protection or child-monitoring tools, were used by 1 in 10 Americans to track partners and exes, some with abusive intent. Spyware apps are stealthy, usually running in the background with no notifications, and this is why many perceive them as dangerous.

Despite still being sold legally, the American Bar Association declares spyware illegal when installed surreptitiously without consent, and these apps actually fit in the category of malicious software. This makes the fact that they are still being legally sold and produced questionable. App stores are already taking action and making progress in removing spyware apps from their platforms, but some escape their grasp easily by rebranding and claiming to be child safety apps.

These conflicting happenings make the position of spyware apps confusing. Many parties have expressed its danger, its use falling under U.S. Federal wiretapping laws when done improperly, so why aren’t there any laws stopping them from being produced? What good do they do? Are they even safe?

Its safety becomes even more questionable due to the fact that database leaks are far from uncommon. This has happened recently to a spyware app called LetMeSpy, leading to its shutdown.

Hacker Breach

LetMeSpy is an Android-exclusive app marketed for parental control and employee monitoring. Designed to track messages, call logs, and locations, the app is a widely used one, and the majority of users tracked are located in the United States, India, and Western Africa.

Just last June, the app was hacked, with the hacker gaining unauthorized access to email addresses, telephone numbers, and contents of messages collected on LetMeSpy accounts. The breach was first reported by Niebezpiecznik, a Polish security researcher, revealing that the hacker stole and deleted data from LetMeSpy’s databases.

A nonprofit transparency organization named Distributed Denial of Secrets, known as DDoSecrets, gained a copy of the hacked LetMeSpy data and shared it with multiple journalists and researchers, one of them being a team at TechCrunch. TechCrunch has disclosed that the data breach resulted in at least 13,000 compromised devices. However, very little to no data from some of these devices weren’t shared with LetMeSpy, as the company behind LetMeSpy claims that it deletes data after two months of account inactivity.

Though the company’s account inactivity policy has saved at least some people from the data breach, this incident is still far from comforting. The hacked database also contains information about 26,000 customers who used the LetMeSpy app for free, as well as the email addresses of customers who bought paying subscriptions. With no identifiable information in the leaked data, it is unclear whether the company has the ability to inform the victims of the leak directly, and this poses a major privacy, and possibly security, risk.

The vexatious nature of spyware apps has made the identities of their developers often shied away from public view, as to shield them from the reputational and legal risks of creating apps considered a crime in many countries. This leak revealed the maker behind LetMeSpy, a Krakow-based company named Radeal. Recently exposed chief executive and developer Rafal Lidwin still hasn’t made any statements regarding LetMeSpy’s data breach.

Shutting Down

Despite no statements made, the team behind LetMeSpy has taken quick and direct action. The company revealed on its website that its spyware service will permanently shut down and cease operations by the end of August. LetMeSpy’s website is still accessible but no longer provides the option to download the spyware app. LetMeSpy is also blocking users who already own the app from logging in or signing up with new accounts.

LetMeSpy is only the latest spyware operation to shut down in the past year due to data exposure. Spyware app SpyTrac, marketed under the guise of parental control with over a million user records in its database, has also recently shut down.

The spyware was operated by a tech company named Support King, which had previously faced trouble with its flagship spyware maker SpyFone. SpyFone apparently “secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack.” This privacy breach led to The Federal Trade Commission banning SpyFone. It seems Support King didn’t learn from its mistake, and now both SpyTrac and Support King has been shut down.

These incidents only further instill our doubts about spyware apps’ safety and reliability. I don’t think it is far-fetched to say that until spyware developers manage to find a way to protect their users from data breaches and privacy risks, the creation of spyware apps will remain extremely questionable. Ethics are a different question, answered to each their own.

Funding News

Protect AI Raises $35 Million

Seattle-based cybersecurity startup Protect AI supports artificial intelligence and machine learning-focused companies by protecting their code. Protect AI has recently raised $35 million in its Series A funding and is dedicated to further support companies delving into AI and machine learning. According to CEO Ian Swanson, AI’s rapid adoption comes with elevated risks, and it is crucial for anyone wanting to play in the field to maintain and understand it. This is what Protect AI aims to help companies do.

The startup sells software for companies, mainly in the finance, healthcare, life sciences, energy, government, and tech industry, to monitor layers and components of their machine learning systems, helping them detect potential violations and logging information during attacks.

Protect AI’s flagship product is AI radar, a software that creates a machine learning bill of materials (BOM)* to track a company’s “software supply chain” components, like operation tools, platforms, models, data, services, and cloud infrastructure.

*BOM: Bill of Materials, an extensive list of raw materials, components, and instructions required to construct, manufacture, or repair a product or service.

The 25-personnel startup’s Series A was led by Evolution Equity Partners, supported by Salesforce Ventures, Acrew Capital, Boldstart Ventures, Knollwood Capital, and Pelion Ventures. After raising its $13.5 million seed round last December, Protect AI has raised a total of $48.5 million.

Meme & AI-Generated Picture

Job Posting

• Corvus Insurance - Senior Cyber Underwriter, Northeast Region - Boston, MA (Remote)

• Pax8 - AWS Technical Manager - Greater Denver Area (Remote/Hybrid)

• CrunchyRoll - Principal Product Designer, Service Monetization - San Francisco, CA (Remote/Hybrid)

• Ro - SVP of Product Design - New York City, NY (Remote/Hybrid)

Promote your product/service to Digger Insights’ Community

Advertise with Digger Insights. Digger Insights’ Miners are professionals and business owners with diverse Industry backgrounds who are looking for interesting and helpful tools, products, services, jobs, events, apps, and books. Email us [email protected]

Your feedback means a lot to us, please send it to [email protected]