Provider of covert surveillance app spills passwords for 62,000 users

A significant data breach has occurred involving a surveillance application known as Catwatchful, which is marketed as a discreet tool for monitoring activities on Android devices. Recent findings by security researcher Eric Daigle revealed that the app's vulnerability exposed email addresses, plaintext passwords, and other sensitive information belonging to approximately 62,000 users. The breach was attributed to a SQL injection flaw that enabled the researcher to extract a wealth of sensitive data from the app's database. This incident raises serious concerns about the security measures in place for apps that promise stealthy surveillance capabilities. While the developers of Catwatchful insist that the application is designed for legitimate purposes, such as parental monitoring of children's online behavior, the emphasis on its covert nature has led to speculation about its use for more nefarious purposes. Promotional material for the app claims it operates without detection and cannot be uninstalled by the user, stating, "Only you can access the information it collects." The app's marketing promotes its ability to monitor devices without the owner's knowledge, positioning it as invisible and undetectable. However, this stealthy approach has drawn scrutiny from privacy advocates, who warn that it could facilitate unauthorized surveillance and invasion of privacy.