How a Spy App's Leaked Data Exposed a Celebrity's Private Life

A security researcher named Jeremiah Fowler discovered nearly 90,000 screenshots of a European celebrity's private information stored in an unprotected cloud folder. The screenshots were collected using stalkerware—software designed to spy on someone's phone. The data showed private messages with models and famous people, partial credit card numbers, and records of what the person was doing online.

Fowler reported the finding to police and tried to contact the victim.

Why This Matters Beyond One Celebrity

This incident is not isolated. In June 2024, a different stalkerware breach exposed information from over 2 million people, including Apple device users. Neither the people being spied on nor the people who paid for the spyware software were told about it.

Stalkerware is more common than many realize. Security company Kaspersky found that 31,031 people worldwide were targeted by stalkerware in 2023, an increase of nearly six percent from the year before. In Europe, Germany had the most cases with 577, followed by France with 332 and the United Kingdom with 271.

Even when one stalkerware service shuts down—like LetMeSpy did in 2023—new ones keep appearing. The problem continues to grow.

How Stalkerware Actually Works

Stalkerware apps are installed on a target's phone and send back information to whoever is using them. Think of it like planting a hidden camera in someone's home, except it watches their phone instead. The app captures screenshots, texts, location, keyboard input, and even camera feeds.

Companies that sell these apps often claim they are meant for employers to monitor workers or parents to monitor children. That legal gray area makes them harder to shut down. The apps get installed through phone app stores and exploit special permissions that let them access almost everything on the device. The stolen information gets sent to cloud servers controlled by the spyware company.

In the celebrity case, 90,000 screenshots suggests months or years of continuous spying on the same person.

The Double Problem: Spying on the Spy

The exposed cloud folder reveals a serious security failure by the stalkerware company itself. Basic security practices—like restricting who can access stored data or scrambling it with encryption—were missing or broken. The surveillance data sat where anyone on the internet could find it.

This creates a second layer of harm for victims. First, someone spies on them. Then, when the spyware company fails to protect that stolen data, a much larger group of strangers can see it too. In this case, that included partial credit card numbers, giving criminals more to work with.

The problem grows when spyware data gets shared or sold after a breach.

Why It's Hard to Stop

Stalkerware operations often cross borders. The person being spied on lives in one country, the person doing the spying in another, the company running the software in a third, and the cloud servers in a fourth. Police in one location cannot easily investigate or prosecute crimes happening elsewhere.

Over my three decades covering technology, I've watched this same challenge repeat itself with other invasive tools—from hidden keystroke recorders in the 1990s to tracking apps today. The core problem stays the same: it's easy to build and hide this kind of software, hard to detect it, and harder still for laws to keep up.

Phone makers like Apple and Google have added some protections: they check apps before allowing them in their stores, they limit what apps can access, and they warn users about suspicious applications. But these defenses only work if people notice the warnings and understand what they mean. Many victims of spyware do not have that knowledge or are not in a position to act on it.

What You Can Do

If you are concerned stalkerware might be on your phone, watch for signs of trouble: battery draining fast, high data usage, or your phone slowing down. Look at your installed apps and remove anything you do not recognize.

For businesses, dedicated phone management tools can show what apps are installed and what information is being sent over the network. These tools have their own privacy trade-offs worth considering.

Security researchers continue to build free tools and maintain lists of known stalkerware signatures—patterns that let security software recognize and flag suspicious applications.

The celebrity case shows something important: even surveillance operations that stay hidden for a long time eventually fail at basic security. When they do, the harm often spreads much further than anyone expected. The real lesson is how preventable this all is if companies and phone makers take privacy seriously from the start.