A single, forgotten cloud folder. Ninety thousand screenshots. It’s the stuff of nightmares for anyone who’s ever sent a private text or snapped a blurry selfie. This isn’t some far-off data breach; it’s a chillingly personal exposure, laying bare a European celebrity’s digital life for all the world to see.
And the culprit? Stalkerware. The insidious kind of software designed to creep into your phone, unseen, and siphon off your most private moments. We’re talking texts, photos, locations – the whole digital shebang. Digital rights folks have been shouting about this for ages: not only does it violate your privacy, but that juicy data can get snatched again, by someone else entirely.
Jeremiah Fowler, a researcher at Black Hills Information Security, stumbled upon this particular disaster. A public, unsecured cloud repository. Inside? Nearly 90,000 screenshots. All belonging to one celebrity. All showing private messages, photos, phone habits. It’s a privacy violation multiplied.
“All the selfies were one person, all the chats were one person, and it was basically everyone they chatted with divided into Instagram, Facebook, TikTok, and WhatsApp,” Jeremiah Fowler, a researcher with Black Hills Information Security who discovered the exposed data, tells WIRED. “There was a lot of nudity, there were pictures that you wouldn’t want out in the public.”
This wasn’t just idle snooping. Fowler’s analysis revealed a trove of sensitive material: intimate conversations with other public figures, business dealings complete with invoices and partial credit card numbers, and a dizzying volume of personal details. The implication is stark: the stalkerware victim isn’t the only one compromised. Everyone they communicate with is now also potentially exposed.
This isn’t your typical corporate misconfiguration. Those happen, sure. Companies leave server doors wide open, spilling trade secrets. This, however, appears to be personal. An individual’s data, collected and then carelessly left out. Fowler did the right thing, reporting it and working with the cloud provider to get it locked down. The provider eventually contacted the owner, but the data had already been exposed.
What’s particularly damning is the name of the repository: “Cocospy.” Sound familiar? Cocospy was, and its ilk are, the digital equivalent of a peeping Tom with a master key. Security researchers have flagged this type of off-the-shelf spyware before. In fact, Cocospy and related apps crumbled last year precisely because they exposed user data. A flaw meant anyone could access the harvested information, and millions of Cocospy customer emails were also leaked. A real party.
How Did This Happen? The Cocospy Catastrophe
Researchers like Vangelis Stykas, co-founder and CTO of Kumio AI, have dissected these apps. “Their malware on Android was full-blown spyware,” Stykas noted. “It pretty much uploads everything from your phone to their cloud.” Cocospy, in particular, boasted a “stealth mode” that took screenshots every few minutes. Imagine that. Every few minutes, your screen — your private world — is captured and uploaded.
An archived version of the Cocospy website, a relic from its heyday, paints a picture of parental control and remote surveillance. “Track locations, messages, calls, and apps,” it bragged. “Do it remotely and 100% discreetly.” Discreet, perhaps, for the stalker. For the victim, it’s a waking nightmare.
Cocospy’s feature list was a privacy lawyer’s worst dream. Viewing contacts, reading WhatsApp chats, getting alerts when a target strayed from a designated area, even snooping on web browsing history. “Cocospy is a true spy app, virtually impossible to detect,” the website boasted. Almost. Turns out, exposing 90,000 screenshots is a pretty noticeable detection method.
This whole sordid affair reminds me of the Victorian-era obsession with collecting private letters. It was considered scandalous then, and it’s terrifyingly efficient now. The technology has changed, but the desire to violate someone’s innermost life remains a constant, ugly thread in the human condition. And these stalkerware tools are the digital enablers of that darkest impulse.
Is Stalkerware Truly Untraceable?
No, not entirely. While these apps aim for stealth, their operational infrastructure can be vulnerable, as evidenced by past data breaches of services like Cocospy. Security researchers actively track and analyze these tools. Moreover, legal frameworks are evolving to address the misuse of such spyware, although enforcement remains a challenge.
Will This Celebrity Lawsuit Make Stalkerware Go Away?
Unlikely. While a high-profile case might spur some legal action against the operators or developers, the demand for such intrusive surveillance tools persists. The underlying motivations—jealousy, control, voyeurism—aren’t going anywhere. Expect new apps to pop up, or existing ones to rebrand.
What Can I Do If I Suspect Stalkerware?
Immediately isolate the device: turn off Wi-Fi and mobile data. Run a reputable mobile security scan. Change all your passwords, starting with your cloud accounts. Consider a factory reset of the device after backing up only essential, non-sensitive data. Report the suspected activity to law enforcement and consider seeking legal counsel.
