Domestic abuse prevention app exposes victims in massive data breach
vpnMentor’s research team, led by analysts Noam Rotem and Ran Locar, recently discovered a sensitive data breach originating from the domestic violence prevention app Aspire News App.
Built by the US non-profit When Georgia Smiled, Aspire News App can be installed on a user’s phone to appear as a news app. However, it also features an emergency help section with resources for domestic abuse victims, including a function for them to send emergency distress messages to a trusted contact person. These distress messages can be sent via voice recording, with a victim’s details, home address, the nature of their emergency, and their current location. The developers of the Aspire News App had stored over 4,000 voice recordings (more than 230MB) on a misconfigured Amazon Web Services (AWS) S3 bucket, allowing any files to be viewed and downloaded, similar to a cloud storage folder, say the researchers.