Convicted spyware maker Brian Fleming avoids prison at sentencing

The first spyware maker convicted in more than a decade has managed to avoid a prison sentence after earlier pleading guilty to US federal charges linked to running his surveillance company.

Brian Fleming was sentenced Friday in federal court in San Diego to time served and a $5,000 fine, a spokesman for the U.S. Attorney for the Southern District of California, whose office brought the charges against Fleming, confirmed.

During a hearing in January after a years-long federal investigation into his spyware company, pcTattletale, Fleming admitted to manufacturing, selling and advertising spyware for illegal uses.

Prosecutors had previously asked the judge that Fleming not receive a prison sentence or fine.

Fleming’s criminal conviction marks the first successful prosecution of a spyware maker by the US Department of Justice since 2014, which could open the door to future prosecutions against others conducting illegal surveillance.

Fleming’s attorney, Marcos Bourassa, did not respond to a request for comment when contacted by TechCrunch.

Investigators from Homeland Security Investigations (HSI), a unit within US Immigration and Customs Enforcement, brought charges against Fleming in 2025 as part of a broader investigation into the consumer spyware industry. While many spyware operators operate their businesses from abroad, investigators told TechCrunch that Fleming came to the attention of federal agents because he sold and facilitated the use of spyware from the United States, and was someone within the jurisdiction of US law enforcement.

Spyware apps like pcTattletale are referred to as “stalkerware,” because paying customers often plant monitoring software on someone else’s devices without their knowledge or consent, such as their spouse. Once planted, these apps surreptitiously upload the contents of the victim’s device, including his messages, photos and real-time location, and make the data viewable to the person who planted the spyware.

According to an affidavit filed by federal investigators who sought to search his home, Fleming, in some instances, “knowingly assisted agents seeking to spy on non-consenting, non-employee adults.”

It is not known how many people pcTattletale spied on, but a data breach in 2024 revealed some of the scale of the long-running operation.

According to a previous investigation by TechCrunch, a security researcher discovered that pcTattletale had a vulnerability that was exposing millions of screenshots, which the spyware takes from the victim’s device every few seconds, to the open Internet, allowing anyone to see the contents of other people’s computer screens. This included screenshots of check-in computers at several US hotels that had pcTattletale installed, which revealed hotel and guest reservation details.

Fleming did not respond to the researcher and did not fix the security flaw.

A week after our report, Fleming shut down pcTattletale in 2024 after a high-profile hack, website defacement, and data breach, revealing that more than 138,000 customers had paid the company to help spy on countless victims.

The hacker told TechCrunch that they exploited a different vulnerability, allowing access to all files stored in pcTattletale’s cloud data storage account, including victims’ files.

It’s not clear exactly how many people had their devices compromised by pcTattletale, and Fleming did not notify his customers or their victims of the data breach. The pcTattletale founder told TechCrunch at the time that he “deleted everything” from his company’s servers after the hack.

pcTattletale is one of several stalkerware manufacturers that have been shut down or forced offline after a security vulnerability, including LetMeSpy, Cocospy, and Spyhide.