Cybersecurity Researcher Jeremiah Fowler discovered a data exposure of what appears to be stalkerware leveraged to track a celebrity victim. The leaked database contained 86,859 images of which seemed to be screenshots from a user’s device, related to one specific celebrity.
What Happened?
Fowler discovered the database in question was publicly accessible and without password protection, and it appeared to belong to an individual targeting one specific celebrity, a notable European entrepreneur/media personality. The screenshots capture communications with business associates, models, influencers, and celebrities; furthermore, intimate conversations and photos intended to be private were likewise captured.
Highly sensitive information was exposed, including but not limited to:
Phone numbers
Emails
Invoices
Receipts
Identifications
Fowler notified both the victim and law enforcement of the exposed database.
What Executive Protection Professionals Need to Know
While this particular instance deals with the privacy and safety of a celebrity, executives — especially those who may be considered “industry celebrities” — can be at risk of similar threatening behavior.
Fowler spoke to Security magazine about the issue, saying, “Many executives and business professionals have to be available and accessible at all times and this means conducting business on a personal device such as their smartphone. If their device was compromised with spyware this could expose highly sensitive details about their digital lives and the business. This could range from things like mergers, investments, meeting or failing to meet revenue goals, intellectual property, or even real world physical risks to their safety. Criminals would have a clear understanding of who they are communicating with, what is being said, and this could have implications that go far beyond personal privacy violations. Having your personal life exposed could also increase the risk of extortion attempts or damage the reputation of an organization. While many companies invest in their internal cybersecurity it is also important to realize the potential threats to their leadership outside of the office through spyware on their personal devices.”
What Is Stalkerware?
Stalkerware is a form of spyware. It can be installed on a device (such as a phone or computer) and will monitor an individual without knowledge or consent.
Once installed, stalkerware could be used to:
Follow a target’s location
Read messages
Monitor social media
Record phone calls
View photos
In some instances, spyware can activate cameras and microphones.
How to Tell if Spyware Is on a Device
Stalkerware is designed to be subtle, but there are identifiable signs that the software may be infecting a device. These include:
Battery drain
Abnormal system behavior
High data usage
Unexpected pop-ups
Overheating
Appearance of unfamiliar apps
Running slow
Random restarts
Unusual permissions requests
Beyond signs on a device, security leaders can also pay attention to signals in the real world. For example, if an individual repeatedly arrives where your executive is without a explanation or reason, this could indicate the protected individual is being tracked.
While this specific instance involved a European celebrity, security leaders all across the globe can consider it a reminder that executive protection has gone beyond physical and blurred into the digital world.