LetMeSpy, a spyware based in Poland, has officially ceased operations following a devastating data breach in June. The breach resulted in the destruction of its servers and the significant amount of data that had been stolen from thousands of victims phones.
In an announcement posted on its website in both English and Polish, LetMeSpy confirmed the “permanent shutdown” of its spyware service, with operations set to conclude by the end of August. As part of the shutdown process, LetMeSpy has blocked user access, preventing both login attempts and new account registrations.
Further details regarding the data breach were disclosed in a notice on LetMeSpy’s former login page, which is now non-functional. According to the notice, the hacker responsible for the breach gained unauthorized access to the LetMeSpy website’s database and proceeded to download and delete data from the site.
Notably, LetMeSpy’s app is no longer operational, as confirmed by network traffic analysis conducted by TechCrunch. Additionally, the spyware maker’s website no longer provides access to the spyware app for download.
LetMeSpy was an Android phone monitoring app that specialized in remaining concealed on a victim’s phone home screen, making it challenging to detect and remove. Once installed on a person’s phone, often by someone with knowledge of their phone passcode, LetMeSpy would continuously steal various forms of data, including messages, call logs, and real-time location information.
An external organization, the nonprofit transparency collective DDoSecrets, managed to obtain a copy of LetMeSpy’s database. The leaked data, shared with TechCrunch for analysis, revealed that LetMeSpy had been used to steal data from over 13,000 compromised Android devices worldwide. Interestingly, LetMeSpy’s website had previously claimed that it had control over more than 236,000 devices before the breach occurred.
The database also contained information indicating that the spyware was developed by a Krakow-based tech company called Radeal. However, the chief executive of Radeal, Rafal Lidwin, did not respond to requests for comment.
LetMeSpy is the latest spyware operation to close down due to a security incident that not only exposed victims’ data but also revealed the identities of its real-world operators. In the past year, Spytrac, another spyware operation with over a million user records, was found to be operated by Support King, a tech company that had been banned from the surveillance industry by federal regulators in 2021 due to its failure to secure stolen data from its previous flagship spyware app, SpyFone.