Stalkerware Database Leak Exposes Private Chats and Photos of Celebrities
What Happened — An unsecured database belonging to a suspected stalker‑ware application was left publicly accessible, allowing anyone to download private chat logs and high‑resolution photos of multiple celebrities and influencers. Security researchers identified the open database, confirmed the contents, and alerted the media.
Why It Matters for TPRM —
- Third‑party mobile apps that collect personal data can become a direct conduit for data leakage if they are mis‑configured.
- Organizations that permit employees to install unvetted applications expose themselves to reputational and compliance risk.
- Supply‑chain risk extends beyond traditional SaaS vendors to malicious or poorly secured consumer‑grade software.
Who Is Affected — Media & Entertainment (celebrity accounts), Influencer marketing firms, any enterprise whose staff may have installed the stalkerware app on corporate devices.
Recommended Actions —
- Conduct an inventory of all third‑party mobile applications installed on corporate devices.
- Enforce Mobile Device Management (MDM) policies that block unapproved spyware or stalkerware.
- Review data‑handling agreements with any vendors that process personal communications.
- Perform a risk assessment of any external services that store or transmit employee‑generated content.
Technical Notes — The exposure resulted from a misconfiguration: the database lacked authentication and was reachable over the public internet. No known CVE was involved. Exfiltrated data included private messages, photos, timestamps, and user identifiers. Source: HackRead