May 24, 2024 at 06:35PM
The pcTattletale spyware website was hacked, and databases and source code data were leaked, exposing a serious security flaw. Despite attempts to contact the developers, the vulnerability remains unresolved. A security researcher discovered the flaw and exposed it, prompting a hacker to deface the website and leak data. Meanwhile, the developer has yet to respond to inquiries.
Meeting Notes Takeaways:
– The pcTattletale spyware application’s website has been defaced by a hacker, and over a dozen archives containing database and source code data have been leaked.
– The app was found used in the booking systems of several Wyndham hotels in the United States, leaking real-time screenshots from Android phones and capturing guest details and customer information due to an API security vulnerability.
– A security researcher, Eric Daigle, discovered a serious vulnerability in pcTattletale’s API, allowing access to screen captures from any device using the spyware. He attempted to contact the developers to fix the issue but was unsuccessful.
– Bryan Fleming, the developer of pcTattletale, describes the software as “spy software,” while Microsoft tracks it as a threat for trying to steal sensitive and confidential information.
– Despite the hacker’s claim of not exploiting Daigle’s vulnerability, the hacker used a Python exploit to extract pcTattletale’s AWS credentials, gaining access to the source code and databases.
– Questions sent to Fleming by BleepingComputer remain unanswered.
Please let me know if you require any further information or details on the mentioned points.