Stalkerware apps are consumer spyware applications that operate in a legal gray area. While most associate them with targeted spyware like Pegasus, there is actually a huge number of companies offering these services to customers hoping to spy on their partners or family members.
Ironically, hackers are now targeting stalkerware apps for the information they collect from their victims. For those facing threat models involving abusive relationships or family members, their personal data is also at risk.
According to TechCrunch’s tally, counting the latest data exposure of Catwatchful, there have been at least 26 stalkerware companies since 2017 that are known to have been hacked, or leaked customer and victims’ data online. That’s not a typo: At least 26 stalkerware companies have either been hacked or had a significant data exposure in recent years. And four stalkerware companies were hacked multiple times.
There are several important players here. Almost all of them faced some sort of data breach in the past few years.
Consumer spyware apps like Catwatchful, SpyX, Cocospy, mSpy and pcTattletale are commonly referred to as “stalkerware” (or spouseware) because jealous spouses and partners use them to surreptitiously monitor and surveil their loved ones.
These companies often explicitly market their products as solutions to catch cheating partners by encouraging illegal and unethical behavior. There have been multiple court cases, media investigations and surveys of domestic abuse shelters that show that online stalking and monitoring can lead to cases of real-world harm and violence.