pcTattletale, a U.S.-based stalkerware and surveillance application, suffered a data breach on May 24-25, 2024 when a hacker exploited multiple vulnerabilities in the company's infrastructure to gain full access to the backend systems and Amazon Web Services credentials. The breach occurred after a separate security researcher had disclosed a vulnerability to pcTattletale that allowed any unauthenticated party to access the most recent screen capture from any device running the spyware, and pcTattletale had failed to remediate the issue. The hacker defaced pcTattletale's homepage with a writeup of the operation and links to tens of gigabytes of stolen data, and the AWS infrastructure was subsequently locked by Amazon. Founder Bryan Fleming attempted unsuccessfully to restore the website for over twenty hours, and his attempts were captured by his own software because his computer was running pcTattletale.

The breach affected approximately 138,751 customer accounts in the leaked dataset, alongside 17 terabytes of victim device screenshots representing more than 300 million captured screenshots from over 10,000 monitored devices, with some material dating back to 2018. The publicly leaked dataset itself did not contain the screenshots due to size constraints but did contain the customer-account database, the application's webroot files, and various Amazon S3 bucket contents. Compromised fields in the customer-account database included email addresses, names, IP addresses, device information, passwords, phone numbers, physical addresses, captured SMS messages from monitored devices, and usernames.

For surveillance targets and customers alike, the practical risk profile is exceptionally severe and varies between the two populations. For surveillance targets (the people whose devices were being secretly monitored), the breach exposed years of intimate device data including SMS messages, screenshots of private communications, and detailed location and activity logs that may have been collected without their knowledge or consent. Many targets are domestic-violence victims and individuals whose partners, family members, or employers installed the software covertly. The U.S. National Domestic Violence Hotline (1-800-799-7233) and the Coalition Against Stalkerware provide resources for individuals who suspect they may have been monitored. For customers (the people who installed the software), the breach exposed their identification as someone who purchased and used stalkerware to surveil another person, with potential employment, relationship, and legal consequences depending on the jurisdiction and the consent status of the surveillance target. Wyndham hotels and other organizations whose internal systems were compromised through pcTattletale deployment may have additional disclosure and remediation obligations to their customers and employees.

Monitoring software platforms collect account data, device identifiers, keystrokes, screenshots, activity logs, and surveillance-linked records tied to workforce or endpoint monitoring.

pcTattletale ceased operations following the May 2024 breach. Founder Bryan Fleming told TechCrunch that the company was 'out of business and completely done,' and Amazon Web Services locked the entire pcTattletale AWS infrastructure. U.S. Homeland Security Investigations (HSI) had begun investigating Fleming in June 2021, and a U.S. judge authorized a search of Fleming's Michigan home in November 2022 (warrant unsealed in December 2025). Fleming pleaded guilty on January 6, 2026 in a San Diego federal court to computer hacking, conspiracy, and the unlawful advertising of surveillance software. Fleming faces up to 15 years in prison, with sentencing scheduled for April 3, 2026. Fleming's prosecution is one of the few successful U.S. prosecutions of a stalkerware operator and has been widely cited by privacy advocates including Eva Galperin of the Electronic Frontier Foundation as potentially shifting the risk calculus for stalkerware operators.