Spyware Vendor Hacked

https://www.schneier.com/

A Brazilian spyware app vendor was hacked by activists:

In an undated note seen by TechCrunch, the unnamed hackers
described how they found and exploited several security
vulnerabilities that allowed them to compromise WebDetetive�s servers
and access its user databases. By exploiting other flaws in the
spyware maker�s web dashboard�used by abusers to access the stolen
phone data of their victims�the hackers said they enumerated and
downloaded every dashboard record, including every customer�s email
address.

The hackers said that dashboard access also allowed them to
delete victim devices from the spyware network altogether,
effectively severing the connection at the server level to prevent
the device from uploading new data. �Which we definitely did. Because
we could. Because #fuckstalkerware,� the hackers wrote in the note.

The note was included in a cache containing more than 1.5
gigabytes of data scraped from the spyware�s web dashboard. That data
included information about each customer, such as the IP address they
logged in from and their purchase history. The data also listed every
device that each customer had compromised, which version of the
spyware the phone was running, and the types of data that the spyware
was collecting from the victim�s phone.

On Thu, 14 Sep 2023 14:58:32 +0200, Fritz Wuehler <fritz@spamexpire-202309.rodent.frell.theremailer.net> wrote:
>Spyware Vendor Hacked
>https://www.schneier.com/
>A Brazilian spyware app vendor was hacked by activists:
> In an undated note seen by TechCrunch, the unnamed hackers
>described how they found and exploited several security
>vulnerabilities that allowed them to compromise WebDetetive's servers
>and access its user databases. By exploiting other flaws in the
>spyware maker's web dashboard--used by abusers to access the stolen
>phone data of their victims--the hackers said they enumerated and
>downloaded every dashboard record, including every customer's email
>address.
> The hackers said that dashboard access also allowed them to
>delete victim devices from the spyware network altogether,
>effectively severing the connection at the server level to prevent
>the device from uploading new data. "Which we definitely did. Because
>we could. Because #fuckstalkerware," the hackers wrote in the note.
> The note was included in a cache containing more than 1.5
>gigabytes of data scraped from the spyware's web dashboard. That data
>included information about each customer, such as the IP address they
>logged in from and their purchase history. The data also listed every
>device that each customer had compromised, which version of the
>spyware the phone was running, and the types of data that the spyware
>was collecting from the victim's phone.

(using Tor Browser 12.5.4 to open these links)
https://en.wikipedia.org/wiki/TechCrunch
>TechCrunch is an American global online newspaper focusing on high tech and
>startup companies. It was founded in June 2005 by Archimedes Ventures, led
>by partners Michael Arrington and Keith Teare.[4]
>In 2010, AOL acquired the company for approximately $25 million. Following
>the 2015 acquisition of AOL and Yahoo by Verizon, the site was owned by
>Verizon Media from 2015 through 2021. In 2021 Verizon sold its media assets,
>including AOL, Yahoo, and TechCrunch, to the private equity firm Apollo
>Global Management, and Apollo integrated them into a new entity called
>Yahoo! Inc..
>In addition to its news reporting, TechCrunch is also known for its Disrupt
>conference, an annual technology event hosted in several cities across
>United States, Europe, and China.
>...snip
>From 2007 to 2017, TechCrunch sponsored the annual Crunchies award ceremony
>to award startups, internet and technology innovations.[26] At the first
>award ceremony in 2007, Facebook won the award for best startup.
[end quote]