Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim


Stalkerware allows people to secretly spy on romantic partners, family members or other associates by infecting a target’s phone and then silently amassing their text messages, photos, location information, and other data. The malware is profoundly intrusive in and of itself, but digital rights advocates have long cautioned that on top of violating victims’ personal privacy, it also creates an additional risk that data gathered using spyware could then separately be breached by an additional, unrelated actor, creating a true privacy disaster. New research this week illustrates one such example of a true worst-case scenario.

In findings released on Thursday, a security researcher details the discovery of a cloud repository that was publicly accessible on the open internet with no access controls. It contained nearly 90,000 screenshots showing a European celebrity’s private messages, photos, and phone usage—seemingly compiled using stalkerware.

“All the selfies were one person, all the chats were one person, and it was basically everyone they chatted with divided into Instagram, Facebook, TikTok, and WhatsApp,” Jeremiah Fowler, a researcher with Black Hills Information Security who discovered the exposed data, tells WIRED. “There was a lot of nudity, there were pictures that you wouldn’t want out in the public.”

Among the 86,859 images, Fowler’s analysis says, were ones capturing the celebrity talking privately with models, influencers, and other high-profile individuals, some of whom have millions of followers on their social media accounts. The screenshots, he says, captured business conversations with invoices and personal payment details, phone numbers, some partial credit card numbers, and huge volumes of sensitive information.

“You capture the initial victim, but you also victimize everyone they communicate with,” he says.

Fowler is not naming the apparent victim or their associates and says he reported the incident to local law enforcement. “Even though this is a very public person, even public people deserve privacy,” Fowler says.

Mistakenly exposed cloud repositories are a long-standing privacy and digital security problem, but these open data troves typically belong to companies that leave access open, exposing corporate secrets or customer information, because of misconfigurations or other oversights. In this case, though, the exposed data appeared to be owned by an individual. Based on the material in the dataset, Fowler attempted to contact the apparent victim, but ultimately notified the cloud service that was hosting the data. The company contacted the owner to have the data secured. Fowler is not publicly naming the host.

The exposed files have all of the characteristics of data collected using spyware—screenshots of particularly sensitive and intimate digital activity taken during a specific time span. And Fowler, who regularly investigates exposed datasets, specifically noticed this trove because the repository was called “Cocospy,” the name of a notorious off-the-shelf spyware tool. Fowler says the exposed data spanned mid-2024 to mid-2025.

Early last year, Cocospy and two other related apps that shared much of the same source code went offline after exposing user information. They became the latest in a long line of stalkerware apps to have suffered security breaches and exposed sensitive information. A flaw in the apps made it possible for anyone to access the huge troves of information that had been gathered from stalkerware victims and simultaneously exposed millions of Cocospy customer email addresses, TechCrunch reported at the time.

“Their malware on Android was full-blown spyware,” says Vangelis Stykas, a security researcher who has analyzed Cocospy and related apps, and is the cofounder and CTO of security firm Kumio AI. “It pretty much uploads everything from your phone to their cloud.”

Cocospy included a “stealth mode” that could take screenshots of what was on a person’s screen every few minutes and upload pictures or the contents of applications from a target device. “Having access to someone’s phone means you have unobstructed access to all of his or her life,” Stykas says.

An archived version of the Cocospy website from 2025, before the service was taken offline, billed the software as “parental control, tracking, and remote surveillance” with the ability to “track locations, messages, calls, and apps.” The site said: “Do it remotely and 100% discreetly.” When WIRED attempted to contact an email address that had been listed on the now defunct website, it returned an error message.

On top of its core surveillance functionality, Cocospy also claimed to allow users to view a target’s contacts, read their WhatsApp chats, get alerts when a target phone moved outside of a certain area marked on a map, and view web browsing history.

“Cocospy is a true spy app, virtually impossible to detect,” its website claimed. “Note that if the person you want to monitor [uses] an Android phone, you will need brief physical access to the target device to get Cocospy set up.” A disclaimer at the bottom of the site noted that it was intended “FOR LEGAL USE ONLY.”

Fowler’s findings on the apparent celebrity exposure come as digital technology is increasingly being exploited by men to surveil, abuse, and harass women—including in public spaces. Abusers “will use any technology they can get their hands on that allows them to monitor, surveil, control what their partner is doing, saying who they’re seeing, what they’re looking up online,” says Katy Brookfield, an associate criminology professor at the University of Nottingham who researches technology-facilitated abuse. “We know they’re accessing this data. We know they’re sometimes storing this data.”

Personal information exposed in leaks or data breaches can lead to harassment, identity theft, or other targeting by cybercriminals. And if someone’s personal data leaks because the individual is already being harassed and targeted by technology abuse, the risks of having that data posted online can be even more devastating than they already would be. As WIRED reported at the start of April, some communities of men online are doxing women they know, sharing their private images, and buying hacking services to use against partners and friends.

“They will sometimes put women’s contact details online with the intention that other men will cause harm to them,” Brookfield says.

Disclaimer: This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: wired.com