news 
Data Breach Reveals Catwatchful ‘Stalkerware’ is Spying on Thousands of Phones
A massive security vulnerability in the stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including the administrator of the operation. The bug, discovered by security researcher Eric Daigle, allowed anyone to access the entire Catwatchful database without needing a login.
As per TechCrunch’s findings, it appears that Catwatchful uses Google’s Firebase platform to host and store the stolen phone data, including intimate photos, messages, and real-time location information. The spyware can also remotely tap into the live ambient audio from the phone’s microphone and access both front and rear phone cameras.
According to Daigle’s report, the vulnerability in Catwatchful’s API exposed the entire database of customer email addresses and plaintext passwords used to access the stolen data.
Source: techcrunch.com
