Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The first spyware developer to be found guilty in more than a decade avoided prison after pleading guilty to US charges related to running his surveillance company.
Bryan Fleming was sentenced Friday in federal court in San Diego to prison terms and a $5,000 fine, confirmed a spokesman for the US Attorney for the Southern District of California, whose office prosecuted Fleming.
Time hearing the request in January following a years-long federal investigation into his spyware company, pcTattletale, Fleming admitted to developing, selling, and marketing spyware for illegal use.
Prosecutors initially asked the judge to spare Fleming any jail time or fines.
Fleming’s conviction is the first successful prosecution of a software developer by the US Department of Justice since 2014, which could open the door to future prosecutions of others involved in illegal surveillance services.
Fleming’s attorney, Marcus Bourassa, did not respond to a request for comment when contacted by TechCrunch.
Investigators with Homeland Security Investigations (HSI), an agency within US Immigration and Customs Enforcement, charged Fleming in 2025 as part of a broader investigation. companies using consumer spyware. While many spyware developers operate their businesses from overseas, investigators told TechCrunch that Fleming attracted the attention of government agencies when he sold and controlled the use of spyware from the United States, and was a person in the custody of US law enforcement.
Spyware like pcTattletale is called “stalkerware,” as paying customers often plant surveillance software on someone else’s device without their knowledge or consent, such as a friend. Once planted, these programs secretly upload the contents of the victim’s device, including their messages, photos, and real-time location, and make the data visible to the person who planted the spyware.
According to affidavit written by federal investigators who wanted to search his home, Fleming, at times, “knowingly assisted clients seeking unauthorized, non-employee adult spies.”
It’s unclear how many people pcTattletale spied on, but a data breach in 2024 revealed the extent of the long-running operation.
According to preliminary investigation and TechCrunch, a security researcher discovered that pcTattletale had a security flaw that exposed millions of screenshots, taken by spyware from the victim’s device every few seconds, to the open Internet, allowing anyone to see what’s on other people’s computers. This included screenshots of computer logins at several US hotels owned by pcTattletale, which revealed the hotel’s guest and reservation information.
Fleming did not respond to the inquiry or correct the security breach.
A week later our report, Fleming Close pcTattletale in 2024 after a high-profile hack, website crash, and data breach, which shows that more than 138,000 customers have paid the company to help countless spy victims.
The hacker told TechCrunch that he exploited some security flaws, allowing access to all the files stored in pcTattletale’s data storage account, including those of the victims.
It is unclear how many people had their devices compromised by pcTattletale, and Fleming did not notify its customers or victims of the data breach. The pcTattletale founder told TechCrunch at the time that he “deleted everything” from his company’s servers after the breach.
pcTattletale is one of the several stalkerware developers which block or force offline following security breaches, including LetMeSpy, Cocospy, and Spyhide.