pcTattletale, a U.S. consumer spyware service, is tied to a May 25, 2024 data leak indexed by leaksear.ch with 118,951 records containing member, device, IP address, renewal, and location-history data (leaksear.ch metadata). Public reporting at the time said the company's website was defaced and data from its servers was posted online (www.bleepingcomputer.com, techcrunch.com).
What happened
BleepingComputer reported on May 24, 2024 that a hacker defaced pcTattletale's website and leaked archives containing database and source-code data. Have I Been Pwned later listed pcTattletale as a sensitive breach, with the breach occurring in May 2024 and added to HIBP on May 25, 2024 (www.bleepingcomputer.com, haveibeenpwned.com).
TechCrunch reported that the person claiming responsibility said the compromise did not use the previously reported screenshot-access vulnerability, but instead involved pcTattletale's servers exposing access to its cloud operations. TechCrunch also reported that the site briefly displayed links to files from pcTattletale servers, which appeared to include some victims' stolen data (techcrunch.com).
Days later, TechCrunch reported that pcTattletale's founder said the company was out of business after the breach. The same report said pcTattletale's website remained offline and that the founder said the company's cloud account and servers had been deleted (techcrunch.com).
What data was exposed
The leaksear.ch index lists the searchable fields as email addresses, hashed passwords, IP addresses, names, and usernames (leaksear.ch metadata). The indexed records also contain stored context that is not directly searchable, including authentication-key references, member IDs, device and computer identifiers, computer names and nicknames, computer descriptions, version values, first and last location latitude and longitude with timestamps, last-login data, location counts, payment gateway, renewal dates and renewal history, signup timestamps, transaction IDs, and related account or device counts (leaksear.ch metadata).
The supplied metadata describes the exposed data as member, device, IP address, renewal, and location-history information (leaksear.ch metadata). Public reporting separately described pcTattletale as software that captured screenshots from monitored Android and Windows devices, and TechCrunch reported that pcTattletale was found on several U.S. hotel check-in systems where screenshots exposed guest and reservation details (techcrunch.com).
Why this matters
Emails, usernames, names, IP addresses, device identifiers, renewal data, and location-history fields can give attackers useful context for phishing, doxxing, account-recovery attacks, and targeted social engineering. Hashed passwords should be treated as compromised, especially if the same password was reused on other services. Organizations that may have used pcTattletale or found it on managed devices should review endpoints, logs, and affected user notifications, since public reporting also linked the spyware to exposed hotel check-in data. If you used pcTattletale, managed devices where it may have been installed, or received a breach notice, check whether your data appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, hashed password, ip address, name, and username.
Sources
- BleepingComputer: Hacker defaces spyware app's site, dumps database and source code
- TechCrunch: Spyware app pcTattletale was hacked and its website defaced
- TechCrunch: Spyware maker pcTattletale says it's out of business and shuts down after data breach
- TechCrunch: Spyware found on US hotel check-in computers
- Have I Been Pwned: pcTattletale Data Breach