86,859 images — the contents of a publicly accessible database that, according to the researcher who found it, appear to be screenshots taken from a single victim’s device and used to stalk a high-profile individual.
Jeremiah Fowler's discovery and the exposed database
Cybersecurity researcher Jeremiah Fowler discovered a database that was publicly accessible and lacked password protection. Fowler reported that the repository appeared to belong to an individual targeting one specific celebrity, described in the record as a notable European entrepreneur and media personality. He notified both the victim and law enforcement after finding the exposure.
The scope of what was leaked: screenshots and sensitive documents
The leaked dataset contained 86,859 images that "seemed to be screenshots from a user's device," according to the discovery. The images reportedly captured communications with business associates, models, influencers and other celebrities. The collection also included intimate conversations and photos intended to remain private. Beyond images, the breach exposed highly sensitive artifacts — phone numbers, emails, invoices, receipts and identifications were among the items said to be present in the exposed files.
How stalkerware can intrude — and what it can capture
The researcher and reporting describe the incident as stalkerware or spyware leveraged for persistent surveillance. The source notes plainly: in some instances, spyware can activate cameras and microphones. When installed on a personal device, such software can take screenshots, record communications and collect files — turning a smartphone into a continuous feed of both personal and professional activity.
What executive protection professionals need to know
Fowler spoke to Security magazine about the broader risks to executives who use personal devices for business. He observed that many executives and business professionals must be available and accessible at all times and therefore conduct business on personal smartphones. If a device is compromised with spyware, Fowler said, "this could expose highly sensitive details about their digital lives and the business. This could range from things like mergers, investments, meeting or failing to meet revenue goals, intellectual property, or even real world physical risks to their safety."
Fowler highlighted two downstream effects executives should consider: the potential for extortion once personal life is exposed, and reputational damage to an organization when private communications leak. He also noted that while many companies invest in internal cybersecurity, leaders must account for threats that originate outside the office on personal devices.
What this means for executive protection professionals, security leaders, and executives
- Executive protection professionals — The incident underscores that physical protection plans must integrate digital risk: persistent device surveillance can create real-world safety risks and unexpected appearances of individuals tracking a protected person.
- Security leaders — The exposed database demonstrates a gap beyond corporate networks. Security leaders are advised to account for personal-device compromise when assessing an executive's threat profile and to consider signals beyond logs — including unusual in-person sightings — as potential indicators of digital tracking.
- Executives and their advisors — The risk is not merely embarrassment. Fowler warned that compromised personal devices could reveal business-sensitive materials and provide "criminals [a] clear understanding of who they are communicating with, what is being said," which can enable extortion or targeted attacks.
The discovery of a large, unprotected repository of screenshots tied to a targeted individual is a concrete reminder that protection now spans both physical and digital domains. Jeremiah Fowler’s notification to the victim and law enforcement moves the incident from a research finding to a matter with legal and safety implications; the remaining questions are operational: how organizations update executive-protection protocols, how individuals check for and remediate stalkerware, and how frequently personal devices are treated as part of an enterprise's threat surface.
Original reporting: Security Magazine — Exclusive: What the Celebrity Stalkerware Breach Means for Executive Protection
