
A security researcher discovered a non-password-protected, publicly accessible database containing almost 90,000 images, showing a celebrity’s private messages, photos, and phone usage. The breach appears to be linked to a now-defunct spyware app.
Detailing the breach, Jeremiah Fowler, a researcher with Black Hills Information Security, said he stumbled on the cloud repository, containing 86,859 images, that appeared to document the private life of one person.
The files included screenshots of personal messages, photographs, and phone activity, seemingly collected through stalkerware. The material was taken from a variety of platforms including WhatsApp, Facebook, Instagram and TikTok.
According to Fowler, the messages revealed “private communications with models, influencers, and celebrities,” as well as intimate exchanges and images not intended for public viewing.
The victim, described only as a “prominent European celebrity, entrepreneur and media personality,” has not been identified.
Fowler said that he withheld the names to protect the privacy of those involved and noted the breach extended beyond a single individual.
"The images capture chat conversations with influencers who have millions of followers, as well as with friends, family, business associates and others."
Jeremiah Fowler, researcher, Black Hills Information Security.
The researcher added that sensitive data such as phone numbers, emails, invoices and partial financial details were also visible.
Database of stalked celebs left exposed online
The database is believed to have been created by whoever operated the spyware, which compiled screenshots from the device and uploaded them to a cloud dashboard.
Misconfigured access controls appear to have left the repository open to anyone with an internet connection – a flaw that researchers say is common in spyware apps.
Fowler told authorities and attempted to notify the victim directly. He also alerted the hosting provider, which subsequently contacted the database owner to secure the data.
The repository was reportedly labelled “Cocospy”, a surveillance tool that was shut down in 2025 after a separate breach exposed data from millions of users.
The dataset that Fowler discovered is thought to span activity from mid-2024 to mid-2025.
TechCrunch reported last year that Cocospy and its other (now offline) clones, Spyic and Spyzie, have all been hacked or have otherwise exposed their victims’ data as a result of shoddy coding or poor security practices.
What is stalkerware?
The case highlights the risks posed by stalkerware, which is designed to monitor a person covertly and typically requires physical access to the victim’s device.
Once installed, the app removes its icon and runs silently in the background, sending the collected data. It is also designed to resist removal by requiring a password or by blocking access to the settings.
The software is often marketed as harmless monitoring or tracking, but in reality, it is commonly used in unauthorized surveillance.
In many countries and regions, including the European Union, the United States, Canada, and Australia, installing or using stalkerware without consent is illegal.
While messaging services such as WhatsApp use end-to-end encryption to ensure privacy, this only protects data in transit; stalkerware incidents show how messages can be captured through screenshots or other means once they are displayed on the device.