Reaching out in regards to the saddening data breach suffered by Aspire News, an app backed by Dr.Phil to help domestic violence victims covertly signal distress. The breach, leaking thousands of uploaded video recordings, was due to an unprotected cloud server left open for anyone online to access.
The Aspire News app, designed to protect domestic violence victims, has done the opposite by exposing users’ pre-recorded voice notes alerting friends and family of their dangerous situation. Due to a missing server password, victims’ safety was put at risk, giving access to users’ pre-recorded messages that could contain PII including names, addresses, abuser names, phone numbers and information to be given to emergency services. Trust is a critical component of any organization with a digital presence – especially safety applications, and these organizations are charged with protecting users, both online and in the real world. It’s clear that passwords can no longer be trusted to keep user information safe. Biometric authentication (using a person’s unique human traits to confirm identity) is much more secure, giving only authorized users access to sensitive information.
First and foremost, we must recognize the gravity of this particular security incident. In most data breaches, the persons affected have their privacy violated and may be at risk of financial losses if their information is abused for identity theft, credit card fraud, etc. Yet, in this case, the safety of the victims may be at risk as well.
Aspire News’ application, which has over 300,000 downloads, provides victims of domestic violence the ability to covertly alert friends and family of abuse or danger. The application itself serves as a lifesaver to hundreds of thousands of victims. In this instance, immediately after Aspire News was notified that 4,000 uploaded voice recordings were exposed on an unprotected cloud server, the company took immediate action and pulled the database offline. Rapid incident response is crucial to reduce the potential damage that could be done following a leak like this, and for that I applaud Aspire News’ swift action.
Unfortunately, lapses in cloud security settings are a leading culprit behind many major data leaks and breaches, with the number of records exposed by cloud misconfigurations increasing by 80% in just one year – from 2018 to 2019. This particular instance is a critical reminder of the importance of securing data in the cloud. By implementing a proactive and holistic approach to detecting risks and misconfigurations in the cloud in the build process, security lapses can be identified and remediated before data ever has a chance to be exposed.