A security researcher recently uncovered a significant data breach involving the popular covert surveillance app, Catwatchful. The app, marketed as a tool for parental oversight, was found to have leaked emails, plain-text passwords, and other sensitive data of approximately 62,000 users. The breach was made possible by a SQL injection vulnerability, which allowed unauthorized access to user accounts.
The company behind Catwatchful emphasizes the app’s undetectable nature, claiming it operates in stealth mode, making it invisible on the target device and untraceable by users. Despite the app’s positioning as a legal monitoring tool for parents, the emphasis on its invisibility has fueled concerns that it may be misused for suspicious purposes.
According to the app’s promotional content, only the user has access to the data collected, enabling discreet monitoring of a phone without revealing the observer’s presence. However, the recent data leak raises questions about the app’s security measures and the potential misuse of such stealth surveillance tools, especially given the sensitive nature of the leaked data.