TheTruthSpy Breached, Exposing Data of 50,000 Devices

By Husain Parvez, Cybersecurity Researcher. Published on 15th February 2024.

In a significant breach of privacy, TheTruthSpy, a surveillance application, has been hacked, compromising the data of over 50,000 Android devices across the globe. This incident marks the fourth time the application has fallen victim to hackers due to the same unfixed security flaw.

According to Malwarebytes Labs, TheTruthSpy's operations have been under scrutiny for their inadequate cybersecurity measures since 2022. This latest breach was performed by two independent hacking groups, ByteMeCrew and SiegedSec, who exploited a known Insecure Direct Object Reference (IDOR) vulnerability within TheTruthSpy's system.

This flaw, discovered in 2022 and still unfixed, grants access to the personal data of those the app is being used to monitor, including text logs, call history, and precise location information.

Highlighting the app’s controversial nature, Malwarebytes stated: “TheTruthSpy markets itself as a tool that can be placed in the hands of employers who want to keep tabs on employees in the workplace, or in the hands of parents who want to look after their kids. But it can just as easily be placed in the hands of stalkers, abusive partners, or someone who just wants to get a leg up in their divorce proceedings.”

Switzerland-based hacker maia arson crimew criticized TheTruthSpy for not addressing a security vulnerability that has been known for years. "They had like two years to fix this," crimew said, expressing frustration over the repeated negligence of TheTruthSpy's developers.

The hacking groups behind the breach have given assurances that the data will not be publicly released, considering its sensitive nature. In response to the ongoing threat posed by TheTruthSpy, TechCrunch has updated its spyware lookup tool, which allows users to check whether their devices have been compromised.

This latest breach continues TheTruthSpy's troubled history, with previous incidents also resulting in the exposure of data. Both the ethical implications of stalkerware and the responsibility of developers to ensure user safety are in question. As the conversation around digital privacy continues, the need for stringent security measures and ethical considerations in software development is apparent.
