Massive Stalkerware Data Breach Exposes Celebrity's Private Life

Severity: High (Score: 68.0)

Sources: haveibeenpwned.com, www.wired.com, Cybernews, Expressvpn, Scworld

Summary

A security researcher discovered a publicly accessible database containing 86,859 images linked to a prominent European celebrity, revealing private messages, photos, and phone activity. The data was collected through stalkerware, which was misconfigured to allow public access. The breach includes intimate communications with influencers and celebrities, as well as sensitive personal information like phone numbers and emails. The database was associated with a now-defunct spyware app named Cocospy, which had previously suffered a significant breach in 2025. The researcher, Jeremiah Fowler, reported the findings to law enforcement and attempted to notify the victim. The exposed data spans from mid-2024 to mid-2025 and highlights the ongoing risks posed by stalkerware applications. The incident underscores the need for better security practices in the development and deployment of such software. Key Points: • 86,859 images linked to a European celebrity were exposed due to misconfigured stalkerware. • The breach involved sensitive personal communications and data from platforms like WhatsApp and Instagram. • The spyware app Cocospy, associated with the leak, had previously faced a major data breach in 2025.

Key Entities

• Data Breach (attack_type)
• Australia (country)
• Canada (country)
• United States (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-862 - Missing Authorization (cwe)
• proton.me (domain)
• Cocospy (malware)
• Spyic (malware)
• Spyzie (malware)
• T1071 - Application Layer Protocol (mitre_attack)
• Google Play Protect (platform)
• Instagram (platform)
• TikTok (platform)
• WhatsApp (platform)