Stalkerware Breach Exposes 86,859 Private Images of Celebrity

Severity: High (Score: 66.0)

Sources: Expressvpn, www.wired.com, Cybernews, haveibeenpwned.com

Summary

A security researcher discovered a publicly accessible database containing 86,859 images linked to a prominent European celebrity, revealing private messages, photos, and phone activity collected via stalkerware. The breach involved a misconfigured cloud repository, allowing anyone with internet access to view sensitive data, including intimate communications and personal identifiers. The spyware app, identified as 'Cocospy', was previously shut down in 2025 after another data exposure incident. Jeremiah Fowler, the researcher, reported the breach to authorities and attempted to notify the victim directly. The dataset spans activity from mid-2024 to mid-2025 and highlights ongoing risks associated with stalkerware applications. The incident underscores the need for better security practices in spyware development and deployment. The victim and other involved parties remain unnamed for privacy reasons. Key Points: • 86,859 private images linked to a European celebrity were exposed due to misconfigured stalkerware. • The breach involved sensitive data from platforms like WhatsApp, Instagram, and TikTok. • The spyware app 'Cocospy' was previously shut down after a separate data exposure incident.

Key Entities

• Data Breach (attack_type)
• Australia (country)
• Canada (country)
• United States (country)
• CWE-862 - Missing Authorization (cwe)
• proton.me (domain)
• Cocospy (malware)
• Spyic (malware)
• Spyzie (malware)
• T1071 - Application Layer Protocol (mitre_attack)
• Google Play Protect (platform)
• Instagram (platform)
• TikTok (platform)
• WhatsApp (platform)