When a configuration error for the online database has been exposed, 350 customer’s data have been leaked from a US-based VoIP provider. On 1st October 2020, unprotected ElasticSearch database cluster that owned by VoIP provider been found out by Researcher Bob Diachenko
According to Compritech that worked with Diachenko for the case have mentioned as follows
Some of these transcripts themselves contained sensitive details such as voicemails left at medical clinics and financial services firms.
On their posting that published a few days ago
Many of the transcripts included select personal details such as full name, phone number and date of birth, as well as some sensitive information,
The timeframe for the attacks activity will be something as
- October 1, 2020: The database has been discovered by Diachenko which the database have been indexed by Shodan.io (search engine). The researcher also disclosure the data leaked to the Broadvoice on the same day.
- October 4, 2020: The database had been secured by the Broadvoice
Most of the records that been leaked would be details such as
- Caller name that including full name, business name or generic name
- Caller Phone Number
- A name or identified for the voice mailbox
- An Internal identifiers