Amazon is still hosting stalkerware victims’ data weeks after breach alert

Amazon will not say if it plans to take action against three phone surveillance apps that are storing troves of individuals’ private phone data on Amazon’s cloud servers, despite TechCrunch notifying the tech giant weeks earlier that it was hosting the stolen phone data. Amazon told TechCrunch it was “following [its] process” after our February notice, but as of the time of this article’s publication, the stalkerware operations Cocospy, Spyic, and Spyzie continue to upload and store photos exfiltrated from people’s phones on Amazon Web Services. Cocospy, Spyic, and Spyzie are three near-identical Android apps that share the same source code and a common security bug, according to a security researcher who discovered it, and provided details to TechCrunch. The researcher revealed that the operations exposed the phone data on a collective 3.1 million people, many of whom are victims with no idea that their devices have been compromised. The researcher shared the data with breach notifi ... Read full article.