Massive Stalkerware Data Leak Exposes Private Photos, Messages of European Celebrity and Influencers
Cybersecurity researcher Jeremiah Fowler discovered a major data leak involving 86,859 private images, screenshots, and messages belonging to a prominent European celebrity, entrepreneur, and media personality, as well as several social media influencers. The files stored in an unprotected, publicly accessible database revealed intimate details, including romantic conversations, phone numbers, email addresses, and images of ID documents like invoices and receipts.
The breach stemmed from stalkerware, a type of spyware installed without the victim’s knowledge to monitor their device activity. Analysis indicated the software captured screenshots directly from the victim’s phone, bypassing encryption by recording messages as they appeared on-screen. The leak also included chat logs from WhatsApp, Facebook, TikTok, and Instagram, some involving influencers with millions of followers.
Fowler determined the database lacked password protection, allowing anyone with internet access to view the sensitive files. While he refrained from naming the victims to protect their privacy, he contacted them using the leaked phone numbers and alerted law enforcement to halt further surveillance.
Stalkerware typically requires physical access to a device for installation and can track GPS locations, read texts, and even activate the camera or microphone. Though apps like WhatsApp use end-to-end encryption, spyware circumvents this by capturing on-screen content. The incident underscores the risks of misconfigured storage and the invasive capabilities of such surveillance tools.
Source: https://hackread.com/private-chats-photos-celebs-expose-stalkerware-leak/
Instagram cybersecurity rating report: https://www.rankiteo.com/company/instagram
Meta cybersecurity rating report: https://www.rankiteo.com/company/meta
"id": "INSMET1777587835",
"linkid": "instagram, meta",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Entertainment, Social Media',
'location': 'Europe',
'type': 'Individuals (Celebrity, Entrepreneur, Media '
'Personality, Social Media Influencers)'}],
'attack_vector': 'Stalkerware (Spyware)',
'data_breach': {'data_encryption': 'Bypassed (screenshots captured on-screen)',
'file_types_exposed': ['Images', 'Screenshots', 'Text logs'],
'number_of_records_exposed': '86,859',
'personally_identifiable_information': ['Phone numbers',
'Email addresses',
'ID documents'],
'sensitivity_of_data': 'High (intimate details, personally '
'identifiable information)',
'type_of_data_compromised': ['Private images',
'Screenshots',
'Messages',
'Phone numbers',
'Email addresses',
'ID documents (invoices, '
'receipts)',
'Chat logs (WhatsApp, Facebook, '
'TikTok, Instagram)']},
'description': 'Cybersecurity researcher Jeremiah Fowler discovered a major '
'data leak involving 86,859 private images, screenshots, and '
'messages belonging to a prominent European celebrity, '
'entrepreneur, and media personality, as well as several '
'social media influencers. The files stored in an unprotected, '
'publicly accessible database revealed intimate details, '
'including romantic conversations, phone numbers, email '
'addresses, and images of ID documents like invoices and '
'receipts. The breach stemmed from stalkerware, a type of '
'spyware installed without the victim’s knowledge to monitor '
'their device activity. Analysis indicated the software '
'captured screenshots directly from the victim’s phone, '
'bypassing encryption by recording messages as they appeared '
'on-screen. The leak also included chat logs from WhatsApp, '
'Facebook, TikTok, and Instagram, some involving influencers '
'with millions of followers.',
'impact': {'brand_reputation_impact': 'High (for victims)',
'data_compromised': '86,859 private images, screenshots, and '
'messages',
'identity_theft_risk': 'High',
'systems_affected': "Victims' mobile devices"},
'initial_access_broker': {'entry_point': "Physical access to victim's device "
'(for stalkerware installation)'},
'lessons_learned': 'The incident underscores the risks of misconfigured '
'storage and the invasive capabilities of stalkerware, '
'which can bypass encryption by capturing on-screen '
'content.',
'motivation': 'Surveillance',
'post_incident_analysis': {'root_causes': 'Unprotected database, stalkerware '
"installation on victims' devices"},
'references': [{'source': 'Cybersecurity researcher Jeremiah Fowler'}],
'response': {'communication_strategy': 'Alerted victims via leaked phone '
'numbers',
'containment_measures': 'Database secured after notification',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'Cybersecurity researcher (Jeremiah '
'Fowler)'},
'title': 'Massive Stalkerware Data Leak Exposes Private Photos, Messages of '
'European Celebrity and Influencers',
'type': 'Data Leak',
'vulnerability_exploited': 'Unprotected publicly accessible database'}