Infosecurity Group Websites
Latest
News

Domestic Abuse Victims Exposed in Cloud Misconfiguration

Thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket.

Researchers at vpnMentor led by Noam Rotem and Ran Locar found the voice recordings stored on a publicly accessible AWS S3 bucket.

They were traced back to Aspire News, an application built by US non-profit When Georgia Smiled, which features an emergency help section via which domestic abuse victims can send their distress messages. It’s backed by US TV celebrity and clinical psychologist Dr Phil.

In total, the researchers found around 230MB of data, containing around 4000 voice recordings dating back to September 2017. Fortunately, once contacted, AWS informed the non-profit and the issue was shut down the same day.

However, the data exposed in the voice recordings was highly sensitive, including victims’ full names and home addresses, details of their circumstances and their abusers’ names and personal details.

Domestic violence cases are said to have surged dramatically during lockdown, when abusers are often confined at home with their victims for extended periods.

“Had malicious or criminal hackers accessed these recordings, they could be weaponized against both victims and abusers to pursue blackmail and extortion campaigns,” said vpnMentor.

“The potential devastation caused by such an outcome can’t be overstated, risking the health, emotional wellbeing and safety of all those impacted.”

Cloud configuration errors surged by 80% between 2018 and 2019, according to DivvyCloud by Rapid7.

“This particular instance is a critical reminder of the importance of securing data in the cloud,” said the firm’s co-founder, Chris DeRamus.

“By implementing a proactive and holistic approach to detecting risks and misconfigurations in the cloud in the build process, security lapses can be identified and remediated before data ever has a chance to be exposed.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Prolific Hacker Made Millions Selling Network Access

2
News

Over Two-Thirds of Q1 Malware Hidden by HTTPS

3
News

350,000 Social Media Influencers and Users at Risk Following Data Breach

4
News

Stalker Online Breach: 1.3 Million User Records Stolen

5
News

NCSC: One Million Phishing Messages Reported in Two Months

6
News

COVID-Themed Ransomware Attack on Android Users Revealed

1
News Feature

Industry Figures Make #VersusRacism Pledge

2
Blog

Busting the Top Myths About Privileged Access Management

3
News

Microsoft: Patch IIS Bug Now to Protect Exchange Servers

4
News

European Commission: Still Work to Do on GDPR

5
Opinion

Myth Busting on Biometric Authentication

6
News

Domestic Abuse Victims Exposed in Cloud Misconfiguration

1
Webinar

Attack Yourself Before They Do: Strengthen Security Through Breach and Attack Simulation

2
Webinar

The Impact of Artificial Intelligence on Cyber-Resilience

3
Webinar

Role of the CISO During a Turbulent Year

4
Webinar

The Power of Continuous AppSec and How to Achieve It

5
Webinar

Building Remote Resilience: A Secure by Design Approach to Remote Working

6
Webinar

Mitigating the Security Risks and Challenges of Office 365

1
Interview

Interview: Balaji Parimi, Founder and CEO, CloudKnox Security

2
News Feature

Have Contact Tracing Scam Opportunities Been Easily Enabled?

3
Blog

A Country in Crisis: Data Privacy in the US

4
Webinar

Role of the CISO During a Turbulent Year

5
Blog

Cybercrime is Winning – What Are You Going to Do About It?

6
Opinion

#HowTo Secure the Supply Chain