A Portuguese-language spyware named WebDetetive has been exploited by hackers, compromising over 76,000 Android phones primarily in South America, particularly Brazil.
The hackers breached WebDetetive’s servers by exploiting security vulnerabilities, gaining access to user databases, and downloading dashboard records containing customer email addresses. They claimed to have deleted victim devices from the spyware network, effectively severing connections and preventing data uploads. The breached cache contained data about compromised devices, customer IP addresses, purchase history, and spyware versions.
DDoSecrets, a nonprofit transparency collective, received the breached data and shared it with TechCrunch. The data revealed that WebDetetive had compromised 76,794 devices, and included 74,336 unique customer email addresses.
However, the true identities of the hackers and the extent of the damage remain unclear. The breach raises concerns about the security of so-called “stalkerware” apps that gain unauthorized access to victims’ phones, collecting personal data such as messages, call logs, recordings, photos, and location.
While little is known about WebDetetive’s administrators, the spyware’s origin can be linked to OwnSpy, another widely used phone spying app. TechCrunch found that WebDetetive’s Android app was a repackaged version of OwnSpy’s spyware, highlighting potential operational links. This incident further underscores the vulnerability of spyware companies to breaches, as evidenced by a recent trend of exposed and compromised data.
It’s essential for victims to be aware of and protect against spyware attacks that compromise their personal data and privacy.