Android phones and tablets were compromised by a fleet of near-identical stalkerware apps, including TheTruthSpy, Copy9, MxSpy and others.These Android apps are planted by someone with physical access to a person’s device and are designed to stay hidden on their home screens but will continuously and silently upload the phone’s contents without the owner’s knowledge.

Given that victims had no idea that their device data was stolen, TechCrunch extracted every unique device identifier from the leaked database and built a lookup tool to allow anyone to check if their device was compromised by any of the stalkerware apps up to April 2022, which is when the data was dumped.

The database also contained 473,211 records of photos and videos uploaded from compromised phones during the six weeks, including screenshots, photos received from messaging apps and saved to the camera roll, and filenames, which can reveal information about the file. The database also contained 454,641 records of data siphoned from the user’s keyboard, known as a keylogger, which included sensitive credentials and codes pasted from password managers and other apps. It also includes 231,550 records of networks that each device connected to, such as the Wi-Fi network names of hotels, workplaces, apartments, airports and other guessable locations.