Hackers Break Into Stalkerware Potentially Helping Thousands of Victims

A report from TechCrunch reveals that Portuguese-language spyware called WebDetetive has compromised over 76,000 Android devices, predominantly in Brazil. However, white hat hackers claim to have deleted user data from its servers, potentially helping thousands.
The report states that unnamed hackers discovered and exploited vulnerabilities in WebDetetive’s servers. By hacking the spyware company’s web dashboard, the hackers accessed user databases and downloaded records, including customer emails.
Stalkerware Sends User Data to a Central Server Without Consent
According to the report, the dashboard hack also allowed the white hat hackers to sever connections between victims’ devices and WebDetetive’s servers. The hackers claimed this prevented devices from sending new data to WebDetetive.
WebDetetive is a type of software called “stalkerware,” a subgroup of spyware that is usually put on victims’ phones without their consent, typically by a partner or spouse who suspects infidelity, though the reasons can be even more sinister.
Spyware is also incredibly popular among government spy agencies for surveillance purposes. By compromising WebDetetive’s servers, the hackers have potentially saved thousands from having their data stolen.
The hackers provided TechCrunch with a 1.5GB cache of data stolen from WebDetetive’s dashboard. The publication verified the authenticity of some device identifiers in the cache by matching them to endpoints on WebDetetive’s servers.
However, the outlet was not able to independently confirm that the hackers deleted user data, as claimed. In a note seen by TechCrunch, the hackers wrote:
“Which we definitely did. Because we could. Because #fuckstalkerware.”
Per the report, the cache contained information about WebDetetive customers and details on each compromised device. However, it did not include any contents taken from victims’ phones.

Stalkerware is often used by partners who suspect infidelity, but government spy agencies also use it.
TechCrunch indicates the data showed that WebDetetive had impacted 76,794 devices and that the cache contained info on over 74,000 unique customer emails. The report notes the stalkerware does not verify customer emails.
WebDetetive Linked to Another Spy App
WebDetetive also appears to be connected to another spyware app called OwnSpy, developed in Spain. TechCrunch’s analysis found WebDetetive’s Android app contains largely recycled OwnSpy code.
Portions of OwnSpy’s infrastructure reportedly went offline shortly after TechCrunch contacted its developer.
However, white hat hacking such as this can have unintended consequences. Severing connections without warning could unintentionally alert the abusers who installed the spyware. This, in turn, could put victims in further danger.