Provider of covert surveillance app spills passwords for 62,000 users
Briefly

The Catwatchful app, marketed for stealthy monitoring of Android devices, suffered a major security breach exposing sensitive data of 62,000 users. A researcher identified that a SQL injection vulnerability allowed unauthorized access to email addresses, plain-text passwords, and other personal data. Although the app is presented as a tool for parental monitoring, its marketing emphasizes stealth, raising ethical concerns about its usage. Claims of it being undetectable and impossible to stop or uninstall suggest potential misuse by unauthorized individuals.
The app Catwatchful, designed for stealthy monitoring, exposed the email addresses and passwords of 62,000 users due to a SQL injection vulnerability.
Researchers found that a security flaw allowed access to sensitive data of users who utilized Catwatchful to monitor Android devices covertly.
Promoters of Catwatchful claim that it is intended for parental monitoring, but its emphasis on stealth raises concerns about its true purpose.
Catwatchful's marketing emphasizes its invisibility, stating that it cannot be detected, uninstalled, or stopped, allowing users unrestricted access to collected information.
Read at Ars Technica
[
|
]