vpnMentor’s research team, led by renowned analysts Noam Rotem and Ran Locar, recently discovered an incredibly sensitive data breach originating from the domestic violence prevention app Aspire News App.
Built by the US non-profit When Georgia Smiled, Aspire News App can be installed on a user’s phone to appear as a news app. However, it also features an emergency help section with resources for domestic abuse victims, including a function for them to send emergency distress messages to a trusted contact person.
These distress messages can be sent via voice recording, with a victim’s details, home address, the nature of their emergency, and their current location. The developers of the Aspire News App had stored over 4,000 voice recordings on a misconfigured Amazon Web Services (AWS) S3 bucket, allowing any files to be viewed and downloaded, similar to a cloud storage folder.
Full article on vpnMentor https://www.vpnmentor.com/blog/report-aspire-news-app-breach/