Benevolent hackers clear stalking spyware from 75,000 phones

Unnamed hackers claim they accessed spyware firm WebDetetive and deleted device information to protect victims from surveillance, TechCrunch reported on Saturday. Users of the spyware won't get any new data from their targets. "Because #fuckstalkerware,” the hackers wrote in a note obtained by TechCrunch.

Spyware software allows users unfettered access to a victim's device, whether that's a government using it to surveil citizens or an abuser using it to stalk a survivor. The spyware advertises the ability to monitor everything a victim types, listen to phone calls and track locations for "less than a cup of coffee" without being seen. It works by downloading an app on a person's phone, under an alias that goes undetected, to give full access to the device. The WebDetetive breach compromised more than 76,000 devices belonging to customers of the stalkerware, and more than 1.5 gigabytes of data freed from app's servers, according to the hackers.

While TechCrunch did not independently confirm the deletion of victim's data from the WebDetetive server, a cache of data shared by the hackers provided a look at what they were able to accomplish. TechCrunch also worked with a nonprofit that logs exposed datasets, DDoSecrets, to verify and analyze the information. Hackers obtained information on customers like IP addresses and devices that they targeted.