Skip to main content

WebDetetive Spyware Breach Exposes Massive Data Compromises and Links to OwnSpy

 In recent years, a spyware named WebDetetive, designed to operate in Portuguese, has been utilized to compromise over 76,000 Android smartphones primarily in South America, with a focus on Brazil. WebDetetive is the latest in a series of phone spyware companies that have fallen victim to hacking attacks in recent months.


The hackers, whose identity remains unknown, discovered and exploited several security vulnerabilities to infiltrate WebDetetive's servers and gain access to its user databases. Additionally, they manipulated weaknesses in the spyware maker's web dashboard, which abusers use to access stolen phone data from their targets. Using this approach, the hackers managed to extract all dashboard records, including customer email addresses.


The hackers also utilized their dashboard access to remove victim devices from the spyware network, effectively severing the server-level connection and preventing further data uploads. In a statement, the hackers asserted their motivation was to combat such intrusive spyware.


The cache of stolen data, comprising over 1.5 gigabytes, did not include the actual content from the victims' phones. DDoSecrets, a nonprofit group dedicated to transparency and data exposure, received the WebDetetive data and shared it with TechCrunch for analysis.


The data disclosed that WebDetetive had already compromised 76,794 devices at the time of the breach. It also revealed 74,336 unique customer email addresses. Notably, WebDetetive does not verify customer email addresses during registration, making it challenging to analyze the user base.


The identity of the hackers behind the WebDetetive breach remains unknown, and no contact information was provided. TechCrunch independently verified the authenticity of the stolen data by cross-referencing device identifiers in the cache with a publicly accessible endpoint on WebDetetive's server.


WebDetetive is categorized as a phone monitoring application that is surreptitiously installed on a person's phone without their consent, typically by someone with knowledge of the phone's passcode. Once installed, it disguises itself on the phone's home screen, making it difficult to detect and remove. The spyware then immediately begins surreptitiously uploading the phone's contents, including messages, call logs, recordings, photos, microphone recordings, social media data, and real-time location information, to its servers.


Despite the extensive access these "stalkerware" or "spouseware" applications have to a victim's private data, they are known for their unreliable coding, which further jeopardizes the already stolen data.



Little is known about WebDetetive, as spyware makers often conceal their identities to avoid legal repercussions. However, it appears to have strong connections to OwnSpy, another widely used phone spying app. Analysis of WebDetetive's Android app revealed it to be a repackaged version of OwnSpy's spyware, even retaining references to OwnSpy in its user agent.


OwnSpy, developed in Spain by Mobile Innovations and run by Antonio Calatrava, has been in operation since at least 2010 and claims 50,000 customers. OwnSpy also offers an affiliate program for promoting the app, potentially creating operational links between OwnSpy and WebDetetive.


WebDetetive is the second spyware maker targeted by a data-destructive hack in recent months, highlighting the vulnerabilities inherent in these types of applications. Such attacks could have unintended consequences for victims of spyware, potentially putting them at risk.


The WebDetetive data breach has raised concerns about customer notification and the security of the stolen data. Victims of spyware are advised to seek support from organizations like the Coalition Against Stalkerware.




To identify and remove WebDetetive, users can look for its "WiFi" icon, which disguises itself as an Android system Wi-Fi app. When viewed in the app info, it is listed as "Sistema." Removing Android spyware should be done cautiously, and users are encouraged to ensure Google Play Protect is enabled for added security.

Popular posts from this blog

Signal Introduces Usernames for Encrypted Messaging: A Secure Way to Connect

Signal, the encrypted messaging service, is launching a new feature in the coming weeks: support for usernames. This beta feature allows users to establish unique usernames, enabling connections without divulging phone numbers. source: Signal Blog To create a username, navigate to your settings and select "Profile." Once you've chosen a unique username, generate a QR code or link to share with others. Recipients can connect by entering your username into the chat bar. Usernames can be changed at any time, though previous usernames may be claimed by others. Signal began testing usernames last fall. Unlike social media platforms, Signal usernames do not serve as logins or public handles. They offer a discreet means of communication without revealing personal phone numbers. While a phone number is required to register for Signal, sharing it is optional. Usernames remain private and do not appear on profiles or in chats unless shared explicitly. As Randall Sarafa, Signal'

Safeguarding Internet Privacy: Supreme Court of Canada Upholds Protection of IP Addresses

In a recent ruling, the Supreme Court of Canada affirmed the significance of privacy rights concerning internet addresses. The court declared that police cannot simply obtain a suspect’s IP address without a court order, emphasizing the expectation of privacy that Canadian residents hold for such information. The court's decision stemmed from a case in 2017 involving Calgary police investigating fraudulent online activities at a liquor store. Initially, police demanded IP addresses from a credit card processor, which eventually led to obtaining subscriber information from Telus. This information was pivotal in making arrests and securing convictions in multiple offenses. Despite previous convictions, the accused contested the legality of obtaining IP addresses without proper authorization. The Supreme Court, in a 5-4 decision, asserted that IP addresses carry a reasonable expectation of privacy, necessitating judicial approval before access. The ruling emphasizes that obtaining jud

AT&T Resets Millions of Customer Passcodes After Data Leak: What You Need to Know

AT&T recently confirmed a significant data breach affecting over 7.6 million current customers and 65 million former customers. The leaked information, which dates back to 2019 or earlier, includes personal details like names, addresses, phone numbers, and social security numbers. Fortunately, financial information and call history were not compromised. In response to the breach, AT&T has reset passcodes for affected customers. Passcodes, usually four-digit numbers, serve as an additional layer of security when accessing accounts. However, security experts warn that the encrypted passcodes leaked alongside customer information could be easily deciphered, posing a risk of unauthorized account access. Affected customers are advised to set up free fraud alerts with major credit bureaus and remain vigilant for any suspicious activity related to their accounts. AT&T is proactively reaching out to impacted customers via email or letter to inform them about the breach and the meas