Catwatchful Spyware Data Breach Exposes 62,000 Individuals’ Personal Information

• A security lapse in Catwatchful exposed sensitive personal details of more than 62,000 customers.
• Emails and plaintext passwords in the database of the surveillance software operation were also leaked.
• The breach has also revealed the identity of Catwatchful’s Uruguay-based administrator. 

A significant security lapse in the surveillance software operation Catwatchful revealed the email addresses and plaintext passwords of more than 62,000 customers and the private phone data of 26,000 people were leaked. 

The exposed database, discovered by security researcher Eric Daigle, also contained extensive stolen data from thousands of Android devices that had been victimized.  

Catwatchful operates under the guise of a parental monitoring app, yet it functions as covert surveillance software, granting users access to highly intrusive data from compromised phones, including photos, messages, real-time location, and remote access to microphones and cameras. 

The spyware's backend utilizes Google’s Firebase to manage stolen data, according to a recent TechCrunch report. This connection allowed sensitive information from victims’ phones to be uploaded and stored directly on Firebase servers, creating a central repository for the stolen data.  

The breach has also revealed the identity of Catwatchful’s administrator, Omar Soca Charcov, based in Uruguay. Records tied to the administrator were found in the exposed database, listing Charcov's personal email, phone number, and even specific Firebase resources used for operations. 

Google responded by integrating new detection capabilities into Google Play Protect, aimed at identifying and alerting users about devices infected with Catwatchful. However, while Google stated that a full investigation into Firebase’s misuse is underway, the spyware operation remains active on Firebase at present.  

A copy of the Catwatchful database was provided to the data breach notification service Have I Been Pwned.

This discovery highlights operational security oversights from stalkerware operators, as similar breaches have identified other spyware administrators in the past, such as the SpyX data breach that leaked nearly 2 million users’ details, and the Spyic and sibling Cocospy breach exposed the sensitive data of over 2.65 million.