A Brazilian spyware app vendor was hacked by activists:
In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard—used by abusers to access the stolen phone data of their victims—the hackers said they enumerated and downloaded every dashboard record, including every customer’s email address.
The hackers said that dashboard access also allowed them to delete victim devices from the spyware network altogether, effectively severing the connection at the server level to prevent the device from uploading new data. “Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in the note.
The note was included in a cache containing more than 1.5 gigabytes of data scraped from the spyware’s web dashboard. That data included information about each customer, such as the IP address they logged in from and their purchase history. The data also listed every device that each customer had compromised, which version of the spyware the phone was running, and the types of data that the spyware was collecting from the victim’s phone.
More Stories
Microsoft Fixes Over 130 CVEs in April Patch Tuesday
Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day Read More
NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora
The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities Read More
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one...
The AI Fix #45: The Turing test falls to GPT-4.5
In episode 45 of The AI Fix, our hosts discover that ChatGPT is running the world, Mark learns that mattress...
Google Releases April Android Update to Address Two Zero-Days
Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks Read More
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats Read More