Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Stalkerware lets people to an undercover spy on boyfriends, relatives or other friends by passing on the phone of the person they want and then silently massaging their messages, photos, places, and more. The malware it is very disturbing on its own, but digital freedom activists have long warned that on top of violating the privacy of victims, it also creates an additional risk that the data collected through the use of spyware can be broken by an additional, unrelated actor, creating a real privacy disaster. A new study out this week shows one such example of a worst-case scenario.
In a study released on Thursday, a security researcher describes the availability of cloud storage that was made public on the Internet without any controls. It contained about 90,000 images of a famous European celebrity’s private messages, photos, and phone usage—apparently created using stalkerware.
“The selfies were all one person, the chats were all one person, and basically it was everyone they were talking to shared on Instagram, Facebook, TikTok, and WhatsApp,” said Jeremiah Fowler, a Black Hills Information Security researcher. found data exposed, tells WIRED. “There was a lot of nudity, there were pictures that you wouldn’t want to see in public.”
Among the 86,859 photos, Fowlers’ analysis says, were those of celebrities talking privately with celebrities, influencers, and other high-profile people, some with millions of followers on their social media accounts. The images, he says, captured business conversations and personal invoices and payments, phone numbers, other credit card numbers, and a lot of personal information.
He said: “You catch someone who has been abused, but you also harass everyone who talks to them.”
Fowler is not releasing the name of the alleged victim or his friends and said he reported the incident to local police. “Even though this is a public figure, even public figures are supposed to be private,” Fowler says.
Incorrectly exposed cloud storage is a long-term privacy and digital security problem, but these open data are often owned by companies that leave open access, revealing company secrets or customer information, due to default or other controls. However, in this case, what was revealed appeared to be human. Based on the contents of the dataset, Fowler attempted to contact the alleged victim, but instead notified the cloud group that stored the data. The company contacted the owner to secure the data. Fowler does not name the host.
The leaked files contain all the data collected using spy software—visual and digital images taken at a specific time. And Fowler, who always investigates what has been revealed, noticed this because the archive was called “Cocospy,” the name of a popular spy tool. Fowler says that the exposure ranged from mid-2024 to mid-2025.
At the beginning of last year, Cocospy and two other affiliate programs shared the same information went online after disclosing user information. They became the latest in a long line of stalkerware software to exist experienced security breaches and disclosure of confidential information. The software bug made it possible for anyone to access large amounts of information collected from stalkerware victims and exposed millions of Cocospy email addresses, TechCrunch reported. report at that time.
“Their Android malware computers were spyware,” says Vangelis Stykas, a security researcher who has analyzed Cocospy and related software, and is the founder and CTO of security firm Kumio AI. “It uploads everything from your phone to their cloud.”
Cocospy also included a “smooth” feature that can capture a person’s photos every few minutes and upload photos or content from the target device. “Having someone’s phone means you can’t shut them down for the rest of their lives,” says Stykas.
