
Stalkerware allows people to secretly spy on romantic partners, family members, or other partners by infecting the target’s phone and then silently collecting their text messages, photos, location information, and other data. Such software is highly intrusive in and of itself, but digital rights advocates have long warned that in addition to violating victims’ personal privacy, it also creates the risk that data collected using spyware could be hacked separately by an unrelated actor, leading to a veritable privacy catastrophe. New research this week illustrates one example of a true worst-case scenario.
In findings released Thursday, a security researcher detailed the discovery of a cloud repository that was publicly accessible on the open internet without any access controls. It contained nearly 90,000 screenshots showing the private messages, photos and phone usage of a European celebrity – and appeared to have been compiled using stalkerware.
“All the profile pictures were from one person, all the chats were from one person, and everyone they talked to was divided into Instagram, Facebook, TikTok, and WhatsApp,” Jeremiah Fowler, a researcher at Black Hills Information Security who found the exposed data, tells WIRED. “There was a lot of nudity, and there were images that you didn’t want to show to the public.”
Fowler’s analysis says that among the 86,859 photos, there were photos of celebrities speaking privately with models, influencers and other high-profile individuals, some of whom have millions of followers on their social media accounts. He says the screenshots captured business conversations with invoices, personal payment details, phone numbers, some partial credit card numbers and vast amounts of sensitive information.
“You’re picking up the initial victim, but you’re also damaging everyone they come in contact with,” he says.
Fowler did not name the apparent victim or their accomplices, and says he reported the incident to local law enforcement. “Even though this is a very public person, public people deserve privacy,” Fowler says.
Accidentally exposed cloud repositories are a long-standing privacy and digital security issue, but this open data typically belongs to companies that leave access open, exposing company secrets or customer information, due to misconfigurations or other oversights. But in this case, the exposed data appears to belong to an individual. Based on the material in the dataset, Fowler attempted to contact the apparent victim, but ultimately informed the cloud service that was hosting the data. The company contacted the owner to secure the data. Fowler has not publicly named the host.
The exposed files have all the characteristics of data collected using spyware: screenshots of particularly sensitive and intimate digital activities captured over a specific period of time. Fowler, who regularly investigates exposed data sets, noticed this trove specifically because the repository was called “Cocospy,” the name of a notorious off-the-shelf spy tool. The exposed data spanned from mid-2024 to mid-2025, Fowler says.
Early last year, Cocospy and two other related apps that shared much of the same source code went offline after exposing user information, becoming the latest in a long line of stalkerware applications to suffer security breaches revealing sensitive information. An app flaw enabled anyone to access massive amounts of information collected from victims of stalkerware while simultaneously exposing millions of email addresses of Cocospy customers, TechCrunch reported at the time.
“Their Android malware was full-fledged spyware,” says Vangelis Stakas, a security researcher who analyzed Cocospy and related apps and is co-founder and CTO of security firm Kumio AI. “It uploads almost everything from your phone to their cloud.”
Cocospy includes a “stealth mode” that can take screenshots of what is on a person’s screen every few minutes and upload images or contents of apps from the target device. “Having access to someone’s phone means you have unobstructed access to their entire life,” says Stakas.