Particle.news

Catwatchful Stalkerware Data Remains Public After Google Play Protect Safeguards

Unexpected reappearance of Catwatchful’s open API has exposed tens of thousands of credentials despite recent Play Protect measures

Overview

  • On July 2, security researcher Eric Daigle uncovered an unauthenticated Catwatchful API exposing over 62,000 customer email addresses and plaintext passwords, alongside 26,000 victims’ records
  • HostGator briefly suspended the exposed API after notification, but the spyware’s database resurfaced through a rehosted endpoint that remains publicly accessible
  • On July 3, Google added Catwatchful to Play Protect and launched an investigation into potential Firebase terms-of-service violations underlying the breach
  • Have I Been Pwned has integrated the leaked data to notify affected customers of compromised credentials and alert victims
  • The breached database also unmasked Uruguayan developer Omar Soca Charcov as the operation’s administrator, highlighting ongoing security lapses in stalkerware services