Spyware maker LetMeSpy shuts down a month after suffering a breach

Recently, LetMeSpy, the manufacturer of espionage software used for monitoring Android devices, issued a notice on its official website stating that, due to prior cyberattacks, for security considerations, it will cease offering its services to anyone starting August 31, 2023.

“Dear All, we would like to kindly inform you that as of August 31, 2023, the letmespy.com website will cease operations, therefore we would like to provide you with some information,” the notice reads. “Due to the data security incident that took place on June 21, 2023, access to User Accounts was blocked, for security reasons. After that date, the LetMeSpy service was disabled, as well as the option to log into User Accounts and register new User Accounts on the site.”

The story begins in late June 2023, when LetMeSpy issued a warning in a public announcement regarding a data security incident. Unauthorized third parties had accessed the site’s user data, including email addresses, phone numbers, and the content of messages collected on accounts. Upon investigation, the breadth of information stolen by the hackers was found to be quite extensive. At least 13,000 devices’ data were pilfered, encompassing years of call records and text messages, as well as geographical locations of victims dating back to 2013. Most of the victims were located in the United States, India, and West Africa. Additionally, the attackers took control of the main database of the application, containing information about 26,000 free users and paid subscribers, such as their email addresses. More alarmingly, even the website of LetMeSpy was seized by the attackers.

However, the company’s plight failed to garner public sympathy. The majority of comments exuded a sentiment of “they got what they deserved.” This reaction is not difficult to comprehend, as despite the developers’ claims that their spyware application was designed to enable parents to monitor their children’s online activities, in reality, these applications were more frequently employed for malicious purposes. Furthermore, as these applications were usually designed to be highly covert, many victims were unaware that they had been installed on their devices. Consequently, these applications were considered illegal software in some countries and regions.

As for LetMeSpy, without notifying device owners, it uploaded all text messages, call records, and location data to its servers, sharing this information with those who had installed the application. This process exposed numerous risks, making it an ideal conduit for hackers to steal sensitive data. Avast, a cybersecurity company’s threat research division, recently stated that the threat from espionage software applications has increased more than threefold over the past three years.

Generally speaking, the following anomalies in a device could indicate a potential infection with spyware:

• Unexplained declines in performance, crashes, overheating, or excessive battery consumption;
• The sudden appearance of new browser homepages, new desktop icons, or different default search engines.