Overview
- Security researcher Eric Daigle uncovered on July 2 an unauthenticated Catwatchful API exposing over 62,000 customer email addresses and plaintext passwords alongside 26,000 victims’ records
- HostGator briefly suspended the exposed API after notification but the spyware’s database resurfaced through a rehosted endpoint that remains publicly accessible
- On July 3 Google added Catwatchful to Play Protect and launched an investigation into potential Firebase terms-of-service violations underlying the breach
- Have I Been Pwned has integrated the leaked data to notify affected customers of compromised credentials and alert victims
- The breached database also unmasked Uruguayan developer Omar Soca Charcov as the operation’s administrator, highlighting ongoing security lapses in stalkerware services