pcTattletale 2024 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
pcTattletale Employee Monitoring Software Breach (2024): 139K Records Including SMS Messages from Monitored Devices Exposed :: Website Defaced
Employee and device monitoring software.
Verified by ObscureIQ Intelligence
72/100Breach Risk Index
40Data Value
25Market Recency
702dSince Breach
Breach Intelligence Summary
Entity: pcTattletale · Actor: Anonymous hacker (researcher disclosure via Maia Arson Crimew + Eric Daigle) · Sources: 3 references
Attack: Misconfiguration
Profile: Platform · Employee monitoring and surveillance tools · Workforce monitoring software · USA
Timeline: Breach (2024-05-25) · Indexed (May 25, 2024) · Year (2024)
Exposure: 139K records · 9 fields: Device Information, Email Address, Full Name, IP Address, Messages & Chat, Password, Phone Number, Physical Address, Username
Status: Confirmed
Executive Summary
pcTattletale, a U.S.-based stalkerware and surveillance application, suffered a data breach on May 24-25, 2024 when a hacker exploited multiple vulnerabilities in the company's infrastructure to gain full access to the backend systems and Amazon Web Services credentials. The breach occurred after a separate security researcher had disclosed a vulnerability to pcTattletale that allowed any unauthenticated party to access the most recent screen capture from any device running the spyware, and pcTattletale had failed to remediate the issue. The hacker defaced pcTattletale's homepage with a writeup of the operation and links to tens of gigabytes of stolen data, and the AWS infrastructure was subsequently locked by Amazon. Founder Bryan Fleming attempted unsuccessfully to restore the website for over twenty hours, and his attempts were captured by his own software because his computer was running pcTattletale. The breach affected approximately 138,751 customer accounts in the leaked dataset, alongside 17 terabytes of victim device screenshots representing more than 300 million captured screenshots from over 10,000 monitored devices, with some material dating back to 2018. The publicly leaked dataset itself did not contain the screenshots due to size constraints but did contain the customer-account database, the application's webroot files, and various Amazon S3 bucket contents. Compromised fields in the customer-account database included email addresses, names, IP addresses, device information, passwords, phone numbers, physical addresses, captured SMS messages from monitored devices, and usernames. For surveillance targets and customers alike, the practical risk profile is exceptionally severe and varies between the two populations. For surveillance targets (the people whose devices were being secretly monitored), the breach exposed years of intimate device data including SMS messages, screenshots of private communications, and detailed location and activity logs that may have been collected without their knowledge or consent. Many targets are domestic-violence victims and individuals whose partners, family members, or employers installed the software covertly. The U.S. National Domestic Violence Hotline (1-800-799-7233) and the Coalition Against Stalkerware provide resources for individuals who suspect they may have been monitored. For customers (the people who installed the software), the breach exposed their identification as someone who purchased and used stalkerware to surveil another person, with potential employment, relationship, and legal consequences depending on the jurisdiction and the consent status of the surveillance target. Wyndham hotels and other organizations whose internal systems were compromised through pcTattletale deployment may have additional disclosure and remediation obligations to their customers and employees.
ObscureIQ assessment: Exceptionally sensitive. Exposure can reveal intimate device activity, workplace surveillance records, and private user behavior, enabling extortion, insider targeting, blackmail, and operational compromise.
Breach Impact
The institutional impact on pcTattletale was effectively terminal. The company ceased operations, its AWS infrastructure was locked by Amazon, and founder Bryan Fleming has pleaded guilty to federal charges with sentencing pending. The case has been formally cited by U.S. Federal Trade Commission and Department of Justice officials in subsequent stalkerware enforcement actions and is part of a broader U.S. enforcement push against domestic stalkerware operators. The breach affected not only pcTattletale's direct customers but also organizations whose internal systems had been compromised through pcTattletale's deployment, most notably Wyndham hotels' front-desk check-in systems where pcTattletale captured screenshots of guest details and customer information across multiple U.S. locations. Reputational impact has extended across the broader consumer surveillance and parental-monitoring software sector.
About pcTattletale
pcTattletale was a U.S.-based consumer-grade spyware and stalkerware product founded in approximately 2002 and operated by Bryan Fleming from Bruce Township, Michigan, registered as Parental Control Products, LLC. The application was marketed as 'employee and child monitoring' software but actively promoted to consumers as a tool to 'catch a cheater' and 'surreptitiously spy on spouses and partners.' Once installed on a target's Android or Windows device (typically with knowledge of the target's passcode or login), pcTattletale continuously captured screenshots and uploaded them to pcTattletale's Amazon S3 storage infrastructure, where the customer who installed the software could review them through an online portal. The software bragged about being '100% Undetectable.' pcTattletale has been classified as stalkerware by the Coalition Against Stalkerware and other industry coalitions because of its surveillance-of-adults marketing and design.
Why They Hold Your Data
Monitoring software platforms collect account data, device identifiers, keystrokes, screenshots, activity logs, and surveillance-linked records tied to workforce or endpoint monitoring.
Recent Developments
pcTattletale ceased operations following the May 2024 breach. Founder Bryan Fleming told TechCrunch that the company was 'out of business and completely done,' and Amazon Web Services locked the entire pcTattletale AWS infrastructure. U.S. Homeland Security Investigations (HSI) had begun investigating Fleming in June 2021, and a U.S. judge authorized a search of Fleming's Michigan home in November 2022 (warrant unsealed in December 2025). Fleming pleaded guilty on January 6, 2026 in a San Diego federal court to computer hacking, conspiracy, and the unlawful advertising of surveillance software. Fleming faces up to 15 years in prison, with sentencing scheduled for April 3, 2026. Fleming's prosecution is one of the few successful U.S. prosecutions of a stalkerware operator and has been widely cited by privacy advocates including Eva Galperin of the Electronic Frontier Foundation as potentially shifting the risk calculus for stalkerware operators.
Data Points Exposed
9 verified field types
Device Information
Email Address
Full Name High
IP Address
Messages & Chat High
Password Critical
Phone Number
Physical Address High
Username
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Credential stuffing against reused passwords across other platforms
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Device fingerprinting & targeted exploitation
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- Geolocation & account flagging
- SIM swap confirmation & relationship exploitation
- Credential stuffing & account takeover
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
- Cross-platform tracking & credential stuffing
Threat Actor: Anonymous hacker (researcher disclosure via Maia Arson Crimew + Eric Daigle)
Anonymous hacker (researcher disclosure via Maia Arson Crimew + Eric Daigle)
Misconfiguration
Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.
Recommended Actions
If you believe your information may be included:
Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the pcTattletale breach?▾
pcTattletale, a U.S.-based stalkerware and surveillance application, suffered a data breach on May 24-25, 2024 when a hacker exploited multiple vulnerabilities in the company's infrastructure to gain full access to the backend systems and Amazon Web Services credentials. The breach occurred after a…
What data was exposed?▾
Verified fields include Device Information, Email Address, Full Name, IP Address, Messages & Chat, Password, Phone Number, Physical Address, Username.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Cross-source
BreachForums_Official_Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation