TheTruthSpy, a notorious stalkerware app with a history of data breaches, has a new critical security flaw that lets anyone reset user passwords and hijack accounts, TechCrunch confirmed.
The vulnerability, discovered by researcher Swarang Wade, puts thousands of victims at risk, allowing attackers to access stolen phone data including private messages, photos, and locations.
Despite repeated breaches over the past decade, TheTruthSpy, run by Vietnam-based 1Byte Software and director Van (Vardy) Thieu, has not fixed the flaw. Thieu admitted the app’s source code was “lost” and cannot be patched.
The spyware, now partly rebranded as PhoneParental, continues to operate with the same insecure infrastructure, highlighting the persistent danger of stalkerware apps.