A user who replied to me also shared some anecdotes that indicate further evidence towards that being the source (a private email address only used for GSuite admin purposes, on her iOS device, upon which she had Covve installed) -- thread here https://twitter.com/angelalgibson/status/1261314415829237761
A quick glance suggests there's barely any skill in there and it's all bottom-feeders so you'd expect this to be an easy bust for law enforcement worldwide and yet they seem to be happily operating with total impunity for quite some time.
No, more likely it's like street corner drug dealing, or say, the industrial area near me that has street walkers (well I presume it doesn't now because neither street walkers nor their johns want to die of COVID-19)
This stuff happens, at a low level, and prosecuting it is expensive and makes little real difference so why bother?
It's not even like busting shop lifters and petty burglars where at least you make the victim feel better by arresting somebody even if it likely isn't cost effective overall.
I remember one of the online British banks writing up a whole detailed post on how they knew exactly who has been stealing money from them.
They wrote up all of their information and sent it to the police who came back with: "Yeah, thanks. Here's the thing: this is non-violent crime and the total amount stolen is less than GBP 100,000" (don't remember the exact number but something thereabouts).
People like to think that the police are salivating for every crime that could come through the door. More realistically, they are an overworked group with less resources than they need to tackle and or solve many of the cases they are presented with.
Plus, just like you, they have to prioritize their work based on various dimensions of incentives such as what looks good to their boss, what is hard vs easy etc. For example, do you tackle the case that is small and easy to close with not a lot of publicity or the big case that may be harder to close but will net big wins in the PR budget?
The responses to the comment just below you (https://news.ycombinator.com/item?id=23190102) (and the nature of some of the corporate hits I've seen) seem to be consistent with a contacts database of sorts.
Not sure I'd go so far as to accuse a specific company on a public forum. But in this regard, the idea that a contact management app could be behind this DB is plausible.
A user who replied to me also shared some anecdotes that indicate further evidence towards that being the source (a private email address only used for GSuite admin purposes, on her iOS device, upon which she had Covve installed) -- thread here https://twitter.com/angelalgibson/status/1261314415829237761