Aspire News misconfigured AWS settings leaks voice recordings of domestic violence victims
Aspire News, an App developed by Dr.Phil has suffered a data breach due to misconfigured AWS settings. Researchers from Noam Rotem and Ran Locar at vpnMentor found recordings from domestic violence victims on unsecured cloud storage.
The Aspire News data breach happened due to misconfigured Amazon Web Services Inc. S3 bucket and the researchers found more than 4,000 voice recordings exposed plainly. The data breach contains victim details like name, home addresses, the nature of their emergency, and their location when making the report. The data if exploited could put these 4000 victims to risk from hacking and extortion.
Founded by TV personalities Robin McGraw and Dr. Phil, the Aspire News has an emergency help section that allows domestic violence victims to send help messages to a trusted contact person. the vpnMentor research team found the exposed data on June 24 and reached out to the developer, When Georgia Smiled and Amazon. Amazon took immediate note of the incident and took the database offline.
The vpnMentor researchers had earlier found similar misconfigured Amazon bucket leaking personal data and raunchy images/videos and love chats of dating App users. At that time, the team found nearly 845 gigs of data chest leaked due to misconfigured AWS S3 buckets. The misconfiguration of the bucket affects top-quality dating Apps like 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, and Herpes Dating and contains records of hundreds of thousands of users who used these dating Apps.