
pcTattletale disclosure: Spyware spied on Wyndham hotel guests for several years

Tomcat

An unknown hacker took revenge on the app developers using their own methods.

A hacker broke into the website of the pcTattletale spy app, which, as it turned out, was installed in the check-in systems of several Wyndham hotels in the United States. The attacker posted offensive content on the official page and leaked more than a dozen archives containing databases and the source code of the program to the public.

The developers positioned pcTattletale as "a program for monitoring the activity of employees and children." However, according to TechCrunch, a vulnerability in the application's API meant that the application also exposed confidential guest data and client information recorded in the hotels' registration systems.

Well-known researcher Eric Daigle was the first to discover the pcTattletale spyware application on the Wyndham hotels' check-in systems. He published a detailed analysis explaining that the critical vulnerability he found in the API allowed attackers to access the screenshots the application secretly took on victims' devices.

Three years earlier, Vice had already reported that pcTattletale could take screenshots in real time from Android devices.

Daigle repeatedly tried to contact the app's developers, urging them to fix the problem urgently, but to no avail: his appeals were ignored.

The conduct of pcTattletale's creators looks especially scandalous in light of an old YouTube video in which Brian Fleming, the program's author, all but openly calls his creation "spyware". The video was published seven years ago.

"Download the free trial version and install it on your home computer under Windows, and you will see that it works amazingly. It's amazing how the app records keystrokes, allowing you to track any activity of your children or employees at the PC."

Despite the developer's words, Microsoft classifies pcTattletale as malware. After Eric Daigle published information about the critical vulnerability he had discovered, a hacker took it as a challenge. He claims he did not use the vulnerability Daigle wrote about; instead, he allegedly used a Python exploit to extract AWS credentials via the application's own SOAP interface. This gave him access to the source code.

BleepingComputer initially asked Brian Fleming to explain what had happened, but received no immediate response.

Later, the hacker published a video in which, he claims, the owner of pcTattletale is trying to restore the defaced site via FTP. Ironically, this video was allegedly captured using the very same pcTattletale spyware, installed on Fleming's own device.

At the moment, the spy app's official site is not functioning. The popular breach notification service Have I Been Pwned has added the incident to its database.

According to HIBP's founder, Troy Hunt, the attack exposed about 100 GB of data, including device information, MD5 password hashes and intercepted SMS messages for 139,000 unique email addresses. About 58% of those addresses were already present in the HIBP database from earlier incidents.

In addition, Troy Hunt noted that more than a thousand subscribers to his Have I Been Pwned service will be notified that their personal data was compromised in the leak caused by the pcTattletale hack.