Mobile spyware company WebDetetive hacked, user data stolen, victim data deleted
WebDetetive, a Portuguese-language spyware application used to compromise over 76,000 Android devices, primarily in Brazil and across South America, has been hacked. Its user data was stolen and published on the dark web, and the data collected from victims who were spied on was deleted.
WebDetetive is the second spyware developer targeted by a destructive hack, after LetMeSpy, a Polish spyware app that ceased operations due to a hack that exposed and deleted data from its servers.
The attack
The unidentified hackers used various security vulnerabilities that allowed them to infiltrate WebDetetive's servers and gain access to its user databases. Through weaknesses in the spyware's web dashboard (used by malicious users to access the stolen data of their targets), the hackers systematically identified every record from the dashboard, including the email addresses of all customers.
The user records were then exfiltrated, and the victim devices and their data were fully deleted from the spyware network, stopping any further collection of stolen data from compromised devices. The hackers commented, "Because #fuckstalkerware," in the messages that are part of the WebDetetive user data dump.
The WebDetetive data dump, which exceeds 1.5 gigabytes, contains information about each user of the spyware platform, including the IP address of their login and their purchase history. It also lists every device that each client had compromised, specifying the version of the spyware running on the device and the categories of data being harvested from the victim's phone.
It's important to note that the stolen content from victims' phones is not present in this data dump. There is no way to know whether the victim data was only destroyed or was stolen as well.
According to the data dump, WebDetetive had exploited 76,794 devices, related to 74,336 unique customer email addresses. However, WebDetetive does not validate customer email addresses during registration, which makes the analysis of the user base quite difficult.
What is WebDetetive
While limited information is available about WebDetetive, indications suggest that it shares significant commonalities with OwnSpy, which was created by Mobile Innovations in Spain, is overseen by Antonio Calatrava, and has been operational since at least 2010. No definitive links between OwnSpy and WebDetetive's administrators have been established.
WebDetetive is classified as a form of "phone monitoring" or "spouseware" application that is illicitly installed on a person's phone, often by someone who is privy to the phone's passcode. Once installed, the app modifies its icon on the phone's home screen to obscure its presence and make removal difficult. Subsequently, WebDetetive starts transferring the content of the device to its servers, including messages, call logs, call recordings, images, audio recordings from the phone's microphone, social media apps, and real-time precise location data.
If you suspect you are targeted by spyware, visit https://stopstalkerware.org/ for more resources.