A significant data breach has come to light involving the Android spyware operation known as Catwatchful. Security researcher Eric Daigle uncovered a critical vulnerability in the app that exposed sensitive information belonging to thousands of users. The exposed data included the full database of Catwatchful’s customers, containing the email addresses and plaintext passwords they used to access the data stolen from victims’ phones. Over 62,000 customer accounts and phone data from 26,000 devices were compromised.

The breach also revealed the identity of the spyware operation’s administrator, Omar Soca Charcov, a developer based in Uruguay. Despite attempts to contact Charcov for comment, he has not responded to requests in either English or Spanish. Daigle informed TechCrunch about the breach, and the data was subsequently shared with the data breach notification service Have I Been Pwned.

The stalkerware operation used a custom API and Google’s Firebase to store the stolen data, which was left unauthenticated, exposing sensitive user information. Hosting services temporarily suspended the spyware, but it was later reinstated on HostGator. Google has not taken down the Firebase instance, but has updated its security measures to detect Catwatchful.

Despite the app’s claims that it cannot be uninstalled, users can reveal and remove it by dialing ‘543210’ on their Android phones. TechCrunch also provided a general guide for removing Android spyware, emphasizing the importance of cybersecurity awareness.