- Cybernews finds Abceed app exposed 46M files via misconfigured Google Cloud bucket
- Leak includes 10TB of private audio recordings from 5M users practicing English
- Researchers warn voice data could fuel vishing, voice cloning, and scams like virtual kidnapping
An English learning app popular in Japan has reportedly exposed sensitive data on millions of people, putting them at risk of identity theft, impersonation, and other forms of fraud.
Security researchers at Cybernews recently discovered a misconfigured Google Cloud Storage bucket with more than 46 million files, most of which were private audio recordings of users practicing their English skills through the ‘Abceed’ app.
With a user base of around five million, Abceed is a well-known and popular app, partnering with the likes of Paramount, Sony Pictures Entertainment, TMS Entertainment, and a major textbook publisher called Sanseido. It is also allegedly endorsed by schools and major corporations, making it the go-to app for learning English in the country.
Article continues below
Why voice files are important
The exposed database contained nearly 10TB of user data – mostly people practicing English and pronouncing different words. While this doesn’t sound like much of a breach, Cybernews notes this could be a goldmine for cybercriminals:
“Malicious actors could abuse a dataset of leaked recordings to craft phishing campaigns. They can use voice cloning technologies together with vishing, mimicking the voices of coworkers, friends, or family members,” the research team said. “It can also be used to create personas where ethnicity and inexperience in speaking English may become a convincing factor for sextortion, or ‘pig butchering’ scams.”
The technique might be a novelty, but we’ve already seen it in action. Security researchers already coined the term “virtual kidnapping”, and we’ve seen reports of people paying ransom demands after thinking their children got abducted.
One way to defend against these attacks is to create a “safe phrase” – a password only your closest family members know. That way, when someone claims to have abducted your significant other, if they don’t know the safe phrase, you can be safe knowing it’s just a scam.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
