Particle.news
Download on the App Store
4 ARTICLES
·
6d ago

Catwatchful Stalkerware Data Remains Public After Google Play Protect Safeguards

Unexpected reappearance of Catwatchful’s open API has exposed tens of thousands of credentials despite recent Play Protect measures

a blurred screenshot of Catwatchful's website
Digital illustration of an eye as an abstract representation Internet surveillance.

Overview

  • Security researcher Eric Daigle uncovered on July 2 an unauthenticated Catwatchful API exposing over 62,000 customer email addresses and plaintext passwords alongside 26,000 victims’ records
  • HostGator briefly suspended the exposed API after notification but the spyware’s database resurfaced through a rehosted endpoint that remains publicly accessible
  • On July 3 Google added Catwatchful to Play Protect and launched an investigation into potential Firebase terms-of-service violations underlying the breach
  • Have I Been Pwned has integrated the leaked data to notify affected customers of compromised credentials and alert victims
  • The breached database also unmasked Uruguayan developer Omar Soca Charcov as the operation’s administrator, highlighting ongoing security lapses in stalkerware services