Home > Security > Security News

Amazon Criticized for Hosting Stalkerware Victims’ Data Weeks After Cocospy Breach Alert 

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
amazon

Amazon is facing criticism for hosting data from Cocospy, Spyic, and Spyzie apps weeks after being alerted to the issue, as the companies behind the spyware continue to upload sensitive phone data of a collective 3.1 million people to Amazon Web Services (AWS) servers.  

TechCrunch notified Amazon of the stalkerware-hosted data on February 20, providing specific storage bucket information where the data stolen from victims’ phones was being stored.

AWS responded by thanking TechCrunch for the report and provided a link to its abuse report form, but as of mid-March, no decisive action has been taken to disable the hosting servers.

AWS-hosted photos uploaded via a virtual Android device deliberately compromised with Cocospy.
AWS-hosted photos uploaded via a virtual Android device deliberately compromised with Cocospy (screenshot) | Source: TechCrunch

Cocospy, Spyic, and Spyzie are Android apps that share identical source code and a known security flaw that’s relatively easy to exploit, and they are designed to collect phone data secretly. The current vulnerability exploits poorly secured servers used by these apps, allowing external access to exfiltrated data.  

The servers used by the apps hinted at Chinese origins and stored data on a mix of Cloudflare and AWS infrastructure.

The Spyzie app was similarly uploading stolen data to its own Amazon bucket, and TechCrunch alerted Amazon about it on March 10.

Amazon states that AWS enforces strict acceptable use policies and responds to reports of misuse. However, the company's procedural response has drawn criticism for delaying action on hosting stolen data.  

Stalkerware continues to thrive through direct downloads even though it is banned from official app stores, such as Google Play and Apple's App Store. While some vendors claim the apps are for legal purposes, their capabilities are often abused in ways that violate privacy laws.


Add a Comment
Related
Data Breach
FunkSec Hacking Group Claims Breach of UNIMORE University's Systems
close up photo of wooden gavel
New York Sues ‘Allstate’ Over 2020-2021 Data Breaches and Alleged Security Failures
data breach
Stormous Hacking Group Claimed Breaching the Wizz Air Abu Dhabi Branch
Threat Actor Claims Possession of 16TB NATO Cosmic Top Secret Documents
Tata Technologies Data Breach Claimed by Hunters International Ransomware 
Crime Records and Bank Accounts Allegedly from Wayne County Hacked by the Interlock Ransomware Group
Most Popular
F1 Movie
What you Should know About Brad Pitt’s F1 Movie (2025)
Black Mirror Season 7
What you Should know About Black Mirror Season 7: USS Callister Sequel, Generative AI, and more
DeepSeek AI Model Jailbreak Allows Providing Malware Code for ‘Educational Purposes Only’
ransomware server
Groundbreaking GPU Technology Unlocks Akira Ransomware Data Recovery
Invincible
When does Season 4 of Invincible come out?
Severance
Severance Season 2 Episode 9 Explained: Mark’s Ancestry, Irving’s Train stop, Dylan’s Resignation, and more
What you Should know About Brad Pitt’s F1 Movie (2025)
What you Should know About Black Mirror Season 7: USS Callister Sequel, Generative AI, and more
DeepSeek AI Model Jailbreak Allows Providing Malware Code for ‘Educational Purposes Only’
Groundbreaking GPU Technology Unlocks Akira Ransomware Data Recovery
When does Season 4 of Invincible come out?
Severance Season 2 Episode 9 Explained: Mark’s Ancestry, Irving’s Train stop, Dylan’s Resignation, and more

Most Popular
F1 Movie
What you Should know About Brad Pitt’s F1 Movie (2025)
Black Mirror Season 7
What you Should know About Black Mirror Season 7: USS Callister Sequel, Generative AI, and more
DeepSeek AI Model Jailbreak Allows Providing Malware Code for ‘Educational Purposes Only’
ransomware server
Groundbreaking GPU Technology Unlocks Akira Ransomware Data Recovery
Invincible
When does Season 4 of Invincible come out?
Severance
Severance Season 2 Episode 9 Explained: Mark’s Ancestry, Irving’s Train stop, Dylan’s Resignation, and more
What you Should know About Brad Pitt’s F1 Movie (2025)
What you Should know About Black Mirror Season 7: USS Callister Sequel, Generative AI, and more
DeepSeek AI Model Jailbreak Allows Providing Malware Code for ‘Educational Purposes Only’
Groundbreaking GPU Technology Unlocks Akira Ransomware Data Recovery
When does Season 4 of Invincible come out?
Severance Season 2 Episode 9 Explained: Mark’s Ancestry, Irving’s Train stop, Dylan’s Resignation, and more

© 2025 TechNadu, a part of Leaprove Media LLP. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: