90,000 Screenshots: How Spyware Exposed a Celebrity's Private Life

Security researcher Jeremiah Fowler at Black Hills Information Security found a cloud storage folder that anyone could access online. Inside were nearly 90,000 screenshots of a European celebrity's personal data, collected using stalkerware—a type of spy software designed to secretly monitor someone's phone or computer. The folder was labeled 'Cocospy', a well-known spyware tool sold online.

The exposed data included private messages with models, influencers, and other famous people, partial credit card numbers, and screenshots of intimate digital activity. Fowler reported the discovery to local law enforcement and tried to contact the person being spied on.

A Growing Problem

This case is not isolated. A separate stalkerware breach in June 2024 potentially exposed the data of over 2 million people, including thousands of iPhone users. Neither the people being monitored nor the customers who bought the spyware were told about it.

Kaspersky, a cybersecurity firm, found in 2023 that stalkerware affected 31,031 people worldwide, up about six percent from the year before. In Europe, Germany had the most cases at 577, followed by France with 332 and the United Kingdom with 271.

Even when services get shut down, new ones appear. A stalkerware service called LetMeSpy closed in 2023 after a data breach exposed its users' information, yet similar services continue to operate.

How Stalkerware Works

Stalkerware typically comes as a hidden mobile app that gives someone remote access to a target's device. It can capture screenshots, record what you type, read text messages, track location, and even access your camera. The stalkerware companies often hide behind a veneer of legitimacy, marketing their tools as "employee monitoring" or "parental control" software—a legal gray area that makes enforcement difficult.

The technical setup usually involves distributing the app through legitimate app stores, tricking the target into granting it special permissions, and then storing all the collected data in cloud storage where the person spying can view it remotely.

In the celebrity case, the volume of data—90,000 screenshots—points to sustained monitoring over months or years of continuous surveillance.

A Cascading Failure

The public exposure of this spyware data reveals a major security problem: even the surveillance operations themselves are poorly secured. A basic principle of cybersecurity is that sensitive data should be protected with access controls, encryption, and activity logs. This repository was left completely open to anyone on the internet.

For the person being spied on, this creates a double violation. First, the stalkerware itself invades their privacy—and likely breaks laws. Then, when the collected data leaks, their intimate information is exposed to anyone who stumbles across it or intentionally searches for it.

The partial credit card numbers in the leaked data suggest the monitoring was comprehensive—capturing everything from financial apps to web browsing—not just targeting a single app.

Why This Is Hard to Stop

Stalkerware operations often span multiple countries. The person spying on you might be in one country, the spyware company in another, the cloud storage in a third, and the person being monitored in a fourth. This patchwork of jurisdictions creates gaps where law enforcement struggles to act quickly or effectively.

Over the past three decades of covering cybersecurity, I have watched similar battles play out with other invasive technologies—early keyloggers, modern tracking apps, and beyond. The core issue stays the same: it is easy to build and deploy these tools, hard to detect them once they are installed, and the legal system always lags behind the technology itself.

Phone makers like Apple and Google have added some defenses: they vet apps before allowing them in their stores, require apps to ask permission before accessing sensitive data, and notify users about suspicious activity. But these protections depend on users noticing warnings and understanding what they mean—something people targeted by stalkerware may not have the knowledge or safety to do.

How to Spot and Protect Against It

Stalkerware often leaves technical traces. If your phone drains its battery unusually fast, uses far more data than normal, slows down, or has apps you do not recognize, that can signal a problem. More sophisticated detection requires network monitoring tools that track suspicious communications patterns.

In workplaces, IT departments can use mobile device management systems to see which apps are installed and what data they are sending. This helps with company security, though it raises its own privacy questions.Security researchers have also built open-source detection tools and threat databases specifically for spotting stalkerware signatures, which help security teams identify compromises.

The Bigger Picture

This incident is a reminder that even sophisticated surveillance operations remain vulnerable to basic security mistakes. A repository containing months or years of someone's private life was left sitting on the internet, unencrypted and unprotected, because someone misconfigured a cloud storage setting or did not think security mattered.

The technical capability to spy on someone has become cheap and easy to deploy. What remains stubbornly difficult is detecting these tools once they are in place and building legal frameworks that keep pace with the threat. That gap between capability and accountability is where real harm happens.