Spyware Vendor Hacked

https://www.schneier.com/

A Brazilian spyware app vendor was hacked by activists:

In an undated note seen by TechCrunch, the unnamed hackers
described how they found and exploited several security
vulnerabilities that allowed them to compromise WebDetetive�s servers
and access its user databases. By exploiting other flaws in the
spyware maker�s web dashboard�used by abusers to access the stolen
phone data of their victims�the hackers said they enumerated and
downloaded every dashboard record, including every customer�s email
address.

The hackers said that dashboard access also allowed them to
delete victim devices from the spyware network altogether,
effectively severing the connection at the server level to prevent
the device from uploading new data. �Which we definitely did. Because
we could. Because #fuckstalkerware,� the hackers wrote in the note.

The note was included in a cache containing more than 1.5
gigabytes of data scraped from the spyware�s web dashboard. That data
included information about each customer, such as the IP address they
logged in from and their purchase history. The data also listed every
device that each customer had compromised, which version of the
spyware the phone was running, and the types of data that the spyware
was collecting from the victim�s phone.