The personal data can be pulled from a person's phone because of a security issue in widely used consumer-grade stalkerware or spyware, reports TechCrunch.
"We can't name the spyware or its developer since it would make it easier for bad actors to access the insecure data," the report said on Tuesday.
It said that efforts were on to contact the spyware developer because the security and privacy of thousands of people are at risk until the issue is fixed.
Stalkerware apps are generally disguised under a fake app name with suspicious access to messages, call logs, location and other personal activity.
Once downloaded, these apps were repurposed by people to spy on the smartphones of their spouses.
The spyware security issue was discovered as part of a wider investigation into consumer-grade spyware.
Codero, the web firm that provides hosting for the developer's spyware infrastructure, was contacted but it did not respond, the report mentioned.
Earlier this month, Google said that it has purged several "stalkerware" ads from its Play Store, promoting apps that violated its policies.
"We do not allow ads promoting spyware for partner surveillance. We immediately removed the ads that violated our policy and will continue to track emerging behaviours to prevent bad actors from trying to evade our detection systems," a Google spokesperson was quoted as saying.
Several stalkerware apps used a variety of techniques to successfully evade Google's ban on such apps.
Google in October last year updated its Play Store policies to impose a ban on stalkerware apps.
"In short, it's spyware beloved by creeps, jealous ex-partners, and those who have no qualms about invading someone's privacy in the hope of tracking what they're up to and with whom," security writer Graham Cluley had said in a blog post.
A recent report by cyber security firm Kaspersky claimed that as some people try to digitally control the lives of their intimate partners, nearly 4,627 mobile users in India were found to be the victim of stalkerware.
In 2020, a total of 53,870 mobile users were affected globally by stalkerware. In 2019, Kaspersky discovered 67,500 affected mobile users.