A misconfigured Google Cloud Storage bucket left more than 46 million files from Abceed, Japan's most downloaded English-learning application, accessible to anyone with the right URL. The vast majority of the exposed files were private audio recordings of users practising their English skills.
Cybernews researchers discovered the open bucket and notified the company, which has since secured the instance. Abceed has not commented publicly.
The application partners with Paramount, Sony Pictures Entertainment, TMS Entertainment, and textbook publisher Sanseido. It reports five million users and ranks as the top education app in Japan, with more than 500,000 Android downloads.
The risk extends beyond the recordings themselves. Cybernews researchers noted that voice data of this kind could be weaponised through cloning technologies.
Malicious actors could abuse a dataset of leaked recordings to craft phishing campaigns. They can use voice cloning technologies together with vishing, mimicking the voices of coworkers, friends, or family members.
The recordings may also capture unintended background noise, including private conversations and household sounds, adding another layer of risk for the app's users.
