When a configuration error for the online database has been exposed, 350 customer’s data have been leaked from a US-based VoIP provider. On 1st October 2020, unprotected ElasticSearch database cluster that owned by VoIP provider been found out by Researcher Bob Diachenko

According to Compritech that worked with Diachenko for the case have mentioned as follows

Some of these transcripts themselves contained sensitive details such as voicemails left at medical clinics and financial services firms.

On their posting that published a few days ago

Many of the transcripts included select personal details such as full name, phone number and date of birth, as well as some sensitive information,

The timeframe for the attacks activity will be something as

  • October 1, 2020: The database has been discovered by Diachenko which the database have been indexed by Shodan.io (search engine). The researcher also disclosure the data leaked to the Broadvoice on the same day.
  • October 4, 2020: The database had been secured by the Broadvoice

Most of the records that been leaked would be details such as

  • Caller name that including full name, business name or generic name
  • Caller Phone Number
  • A name or identified for the voice mailbox
  • An Internal identifiers

Source: Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts and Broadvoice database of more than 350 million customer records exposed online

Leave a Reply

Your email address will not be published.