The breach, which leaked thousands of uploaded video recordings, was due to an unprotected cloud server left open for anyone online to access. However, a security lapse resulted in some uploaded voice recordings were left exposed. These were on an unprotected cloud server, enabling any person to access.
Aspire News, which has received 300,000 downloads, to date, is a website disguised to look like a typical news reading app. The objective is to allow domestic violence victims can use to alert friends and family to abuse or danger.
Commenting for Digital Journal, Chris DeRamus, Co-founder and VP of Technology at DivvyCloud by Rapid7, looks at how the website’s vulnerabilities led to the attack.
According to DeRamus, the data loss carries a degree of seriousness: “In most data breaches, the persons affected have their privacy violated and may be at risk of financial losses.”
DeRamus looks at the nature of the site and the actions taken to date: “The application itself serves as a lifesaver to hundreds of thousands of victims…immediately after Aspire News was notified, the company took immediate action and pulled the database offline.” This measure helped to protect many users and is an example of a company responding rapidly and responsibly.
In terms of what happened with the data leak, DeRamus sees this as another cloud server vulnerability, noting: “Unfortunately, lapses in cloud security settings are a leading culprit behind many major data leaks and breaches, with the number of records exposed by cloud misconfigurations increasing.” The level of increase is 80 percent.
DeRamus recommends that companies implement “a proactive and holistic approach to detecting risks and misconfigurations in the cloud in the build process, security lapses can be identified and remediated before data ever has a chance to be exposed.”
