TheTruthSpy, a stalkerware app already notorious for repeated leaks, has once again been exposed for dangerously poor security. Independent researcher Swarang Wade discovered a flaw allowing anyone to reset the password of any account on the platform, giving attackers full control and access to victims’ stolen phone data.
Given the spyware’s nature, many users of TheTruthSpy install it without the consent of their targets, siphoning private texts, photos, and location data. The flaw leaves those victims even more exposed, opening them to identity theft and other serious risks.
Researcher Attempts to Warn Developers
To verify the flaw, Wade successfully changed the passwords on test accounts. He attempted to alert Van (Vardy) Thieu, the director of TheTruthSpy’s parent company 1Byte Software, but received no response. When later contacted, Thieu admitted the app’s source code was “lost” and claimed he could not patch the bug.
As of now, the vulnerability remains live, leaving thousands of people unknowingly exposed.
A Troubled History of Data Breaches
TheTruthSpy has been plagued by repeated breaches and leaks. Past incidents revealed personal data of more than 400,000 victims, exposed the app’s internal workings, and uncovered a money-laundering network tied to its operators. In late 2023, another breach compromised 50,000 additional victims.
Despite its history, the spyware has continued to rebrand under names like PhoneParental and MyPhones.app, while still relying on the same flawed back-end software stack. Each rebrand carries over the same security weaknesses, putting both victims and customers at risk.
What The Author Thinks
Stalkerware like TheTruthSpy isn’t just dangerous because of what it does — it’s dangerous because of what it is. Any company built on secretly harvesting people’s private lives will never have the incentive or expertise to safeguard that stolen data. History shows that these operations recycle the same code, dodge accountability with rebrands, and ultimately fail to protect even the people misusing their tools. The latest flaw isn’t an accident — it’s proof that spyware will always be broken, both ethically and technically.
Featured image credit: Drazen Zigic via Freepik