A major privacy breach linked to spyware platform Cocospy has exposed tens of thousands of highly sensitive screenshots belonging to a European celebrity, highlighting ongoing risks tied to stalkerware and misconfigured cloud storage.
Security researcher Jeremiah Fowler discovered an unsecured online database containing approximately 86,000–90,000 images documenting the victim’s private digital activity. The repository was publicly accessible without authentication, allowing anyone with a direct link to view the data.
The exposed files included screenshots of personal messages, photos, and app activity collected from the victim’s smartphone. According to the analysis, the data spanned multiple platforms, including WhatsApp, Instagram, Facebook, and TikTok, offering a near-complete record of communications and interactions.
Researchers say the dataset appeared to be generated using Cocospy, a surveillance tool often marketed as parental monitoring software but widely classified as stalkerware due to its covert tracking capabilities. The software can capture screenshots, messages, and other device activity and upload them to remote cloud dashboards.
The breach extended beyond a single individual. The screenshots included conversations with influencers, business contacts, and other public figures, meaning multiple parties were indirectly exposed. Some files reportedly contained phone numbers, email addresses, invoices, and partial financial data, increasing the risk of fraud or targeted attacks.
The affected individual has not been publicly identified, and the researcher withheld identifying details to limit further harm. However, the scale and sensitivity of the data underscore how spyware deployments can create cascading privacy risks, particularly when storage systems are improperly secured.
Experts note that this type of exposure represents a “worst-case scenario” for spyware victims. Not only is personal data collected without consent, but it can also be leaked or accessed by third parties if the infrastructure is misconfigured or compromised.
The incident also highlights a broader issue within the stalkerware ecosystem. These tools often rely on centralized cloud storage to manage collected data, and weak security controls can leave entire datasets exposed. Previous investigations have shown similar apps leaking millions of records due to poor configuration and a lack of safeguards.
While the database has since been secured, it remains unclear how long the data was publicly accessible or whether it was accessed by unauthorized parties. The case reinforces ongoing concerns about the legality, ethics, and security of spyware tools that operate under the guise of legitimate monitoring software.