A significant security incident has impacted a provider of stalkerware applications, software often deployed to secretly monitor individuals’ devices. The breach was reportedly caused by a SQL injection vulnerability, a critical flaw that can allow unauthorized database access.
The compromise of a database belonging to a stalkerware vendor is especially alarming due to the nature of the data involved. Stalkerware can collect highly sensitive information, including location data, messages, and call logs, frequently without the target’s knowledge or consent. This incident suggests that the security of this collected data may have been compromised, potentially exposing information belonging to both the software’s users and the individuals being monitored. Internal company data could also be at risk.
This event underscores the inherent security risks associated with stalkerware technology itself, extending beyond privacy concerns to encompass significant data security vulnerabilities for all parties involved. It emphasizes the crucial need for advanced cybersecurity defenses, particularly for systems handling extremely personal and sensitive information. This breach serves as a potent reminder of the potential for devastating data exposure when strong security practices are not rigorously maintained, especially within the controversial realm of surveillance software.
Source: https://go.theregister.com/feed/www.theregister.com/2025/07/06/infosec_roundup/
