A significant data leak of private photos and messages from a celebrity and social media figures was caused by stalkerware, a type of spyware that captures screen activity and device data, combined with a misconfigured, publicly accessible database lacking password protection. The article does not provide a CVSS score, specific affected software versions, a fixed version, or a technical workaround. It advises end-users to watch for device symptoms like battery drain and to use strong passwords, but these are general security hygiene tips, not a patch or system-level mitigation for the underlying stalkerware threat.
Malware , Security Operations , Privacy , Data Security Celebrity data leak exposes private photos and messages due to stalkerware May 1, 2026 Share By SC Staff A significant leak of private photos, screenshots, and messages linked to a well-known European celebrity and several social media figures has been uncovered. The files, totaling 86,859 images, were stored in a publicly accessible database without password protection, as reported by HackRead. Cybersecurity researcher Jeremiah Fowler discovered the data, which included intimate chat logs from apps like WhatsApp, Facebook, TikTok, and Instagram. Many screenshots appear to have been captured directly from the victim's phone, suggesting the use of stalkerware, a type of spyware secretly installed on a device to monitor all activity. The exposed data also contained personal information such as phone numbers, email addresses, and ID documents. Fowler suspects the perpetrator likely failed to password-protect the storage folder, leading to the public accessibility of the misconfigured server. While Fowler did not name the victims to protect their privacy, he has contacted them and law enforcement. Stalkerware can bypass end-to-end encryption by capturing screen activity and can track GPS locations, read texts, and activate the phone's camera and microphone. Users are advised to watch for signs of spyware, such as rapid battery drain or overheating, and to use strong passwords and secure their devices. Source: HackRead SC Staff Related Malware Clandestine Deep#Door stealer facilitates long-term data compromise SC Staff May 1, 2026 Infosecurity Magazine reports that Windows systems are being stealthily targeted for protracted surveillance and credential exfiltration with the new Python-based Deep#Door backdoor framework. Malware New Mach-O Man malware tapped by Lazarus in macOS-targeted ClickFix attacks SC Staff May 1, 2026 High-level fintech and cryptocurrency individuals, including executives and developers, have had their macOS environments targeted by the North Korean hacking collective Lazarus Group with the new Mach-O Man malware kit in a new ClickFix campaign, reports GBHackers News. Malware Novel Minecraft-targeting stealer tapped by reemergent LofyGang SC Staff April 30, 2026 Brazilian threat group LofyGang has resurfaced to compromise Minecraft players with the novel LofyStealer malware, also known as GrabBot, more than three years after its last attack campaign, The Hacker News reports. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Biometrics Block Cipher Cyclic Redundancy Check (CRC) Daemon Data Aggregation Data Encryption Standard (DES) Diffie-Hellman Digital Envelope Geolocation Inference Attack You can skip this ad in 5 seconds