Unnamed stalkerware company has left gigabytes of sensitive personal info unprotected on the web and can't be reached to fix it

Security researcher Cian Heasley discovered an unprotected online storage folder accessible via the web that contains all the data that stalkers and snoops took from their victims' devices via a commercial program that steals photos and recordings from their devices.

Included in the leak are 3.7GB of MP3 recordings (25,000 in total) of personal phone calls and 16GB of images (95,000 in total), including very sensitive and personal images.

Both Heasley and Motherboard have repeatedly contacted the stalkerware company to alert them to the breach, but they have not received a response, despite multiple attempts. Out of an abundance of caution, Motherboard has not named the company while its customers' victims' date is exposed.

Stalkerware companies (previously) market their products to jealous spouses, employers, parents, and even law enforcement. As you might expect from companies engaged in such unethical conduct, these firms are notorious for their bad security, and frequently breach all their customers' victims' data. Motherboard has covered 12 different vendors' breaches in just the past two years: "Retina-X (twice), FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, and Xnore."

The exposed database was found by security researcher Cian Heasley, who contacted us when he found it earlier this year. The database is still online, and has been online for at least six weeks. Pictures and audio recordings are still being uploaded to it nearly every day. We wont name the company to protect the victims who may be getting spied on without their consent or knowledge, andon top of thatare having their pictures and calls uploaded to a server open to anyone with an internet connection.