LetMeSpy, a spyware service based in Poland, has officially ceased operations and shut down following a data breach in June. The breach resulted in the destruction of its servers, which held a vast amount of data stolen from thousands of victims' phones.
In an announcement posted on its website in both English and Polish, LetMeSpy confirmed its "permanent shutdown" and revealed that all services would be discontinued by the end of August. Users are now prevented from logging in or creating new accounts.
A notice on LetMeSpy's former login page, which is no longer functional, corroborated earlier reports that the hacker responsible for the breach also deleted all data stored on the servers. The breach involved unauthorized access to the LetMeSpy website's database, during which the attacker downloaded and removed data from the site.
As a result of the breach, LetMeSpy's app is no longer operational, as confirmed by network traffic analysis conducted by TechCrunch. Additionally, the spyware maker's website no longer provides the spyware app for download.
LetMeSpy was an Android phone monitoring app specifically designed to remain hidden on a victim's phone home screen, making it challenging to detect and remove. Once installed on a person's phone, often by someone with knowledge of their passcode, apps like LetMeSpy continuously stole the individual's messages, call logs, and real-time location data.
Nonprofit transparency collective DDoSecrets obtained a copy of the database and shared it with TechCrunch for analysis. The data revealed that LetMeSpy had been used to steal information from over 13,000 compromised Android devices worldwide. Before the breach, LetMeSpy's website claimed control over more than 236,000 devices. The spyware's development was linked to a tech company called Radeal, located in Krakow, whose CEO, Rafal Lidwin, did not respond to requests for comment.
LetMeSpy is the latest spyware operation to shut down due to a security incident that not only exposed victims' data but also revealed the identities of its real-world operators. Spytrac, another spyware service with over a million user records, was discovered to be operated by Support King, a tech company that had been banned from the surveillance industry by federal regulators in 2021 for its failure to secure stolen data from its previous flagship spyware app, SpyFone.