Recent findings highlight a significant data breach involving stalkerware, a type of malicious software that covertly monitors individuals’ activities. This malware has been used to compromise the privacy of romantic partners, family members, and associates. It infiltrates devices to collect text messages, photos, location data, and more, posing severe risks to personal privacy. Digital rights advocates have consistently warned that the invasive nature of such spyware not only violates individual privacy but also creates vulnerabilities where this sensitive information could be further exposed by unrelated third parties, leading to potential privacy disasters. A recent incident underscores these concerns.
On Thursday, a security researcher unveiled the existence of an unsecured cloud repository available on the open internet, raising alarms over the potential misuse of data within. The repository contained nearly 90,000 screenshots documenting a European celebrity’s private communications and photos, suggesting that stalkerware was responsible for compiling this information.
Jeremiah Fowler, a researcher affiliated with Black Hills Information Security, identified the leaked data and described its sensitive nature. “All the selfies were from one individual, and every chat was categorized by platforms like Instagram, Facebook, TikTok, and WhatsApp,” Fowler stated. The contents included numerous explicit images and private conversations that could severely damage the reputations of those involved.
Fowler’s analysis revealed that the collection included dialogues with models, influencers, and other prominent individuals with substantial social media followings. The breached information contained business discussions, payment information, and personal details, illustrating how stalkerware victimizes not only the initial target but everyone they connect with. Fowler has refrained from naming the individual or their associates and has reported the incident to law enforcement, emphasizing that public figures also have the right to privacy.
The risks posed by mistakenly exposed cloud storage are well-documented, often resulting from misconfigurations that leave sensitive corporate or customer data accessible to anyone. However, in this case, the leaked information appeared to be owned by an individual, raising new security concerns. After reaching out to the data’s apparent owner, Fowler informed the cloud service provider about the exposure, leading to actions to secure the compromised data.
The exposed files resemble the output typically associated with spyware: they consist of intimate digital engagements gathered over a specific timeframe. Fowler noted that the repository’s name, “Cocospy,” is well-known in the stalkerware community, indicating an established method of spying. The exposed data spans from mid-2024 to mid-2025.
Cocospy, along with two other affiliated applications, faced significant scrutiny early last year when they went offline after exposing user data. These applications have previously been implicated in security breaches that compromised the personal information of countless individuals. A flaw in the software allowed unauthorized access to sensitive records, including the email addresses of millions of users.
Vangelis Stykas, a security expert analyzing Cocospy, characterized it as “full-blown spyware” capable of extracting extensive personal information from targets’ devices. This application employed a “stealth mode,” capturing screen activity and uploading content without users’ knowledge. Stykas remarked on the profound implications, stating that gaining access to a person’s phone equates to having unrestricted access to their life.
The incident illustrates the critical intersection of data privacy, cybersecurity, and personal safety. As stalkerware applications continue to pose threats to individuals’ privacy, the data breach serves as a stark reminder of the vulnerabilities inherent in digital communication.