Comparitech security researcher Bob Diachenko has identified an exposed collection of databases owned by the Voice over IP (VoIP) telecommunications supplier Broadvoice. The databases hold the data of more than 350 million consumers.
The exposed Elasticsearch cluster was found on October 1, 2020, when the Shodan.io search engine indexed the database collection. The cluster held 10 collections of data. The largest comprised 275 million documents and included caller names, telephone numbers, and callers' locations, in addition to other sensitive information. One database was found to include transcribed voicemail messages containing an array of sensitive records, such as data about financial loans and prescribed medicines. That subset of information contained more than 2 million voicemail recordings, 200,000 of which had transcriptions.
The voicemail records included phone numbers, caller names, internal identifiers, and voicemail box identifiers, and the transcripts contained personal details including complete names, dates of birth, telephone numbers, and other information. Voicemails kept at health clinics included specifics of prescribed medications and medical operations. Details of loan requests were likewise exposed, along with several insurance policy numbers.
Diachenko informed Broadvoice of the exposed Elasticsearch cluster, and the provider took quick action to stop any unauthorized access. Broadvoice CEO Jim Murphy stated that the company learned on October 1 that a security expert had accessed a subset of b-hive data files. The data files had been stored in an accidentally unprotected storage service on September 28 and were secured again on October 2. Diachenko verified on October 4, 2020 that the Elasticsearch cluster was no longer exposed.
At present, Broadvoice believes there was no misuse of information. A third-party forensics agency is analyzing the data, and the company will provide further information and updates to clients and associates.
Broadvoice reported the breach to authorities and is investigating it. It is currently unknown whether anyone besides Diachenko discovered and viewed the databases.
Although almost all of the databases contained only limited data, cybercriminals would find it highly valuable and could easily use it to target Broadvoice customers in phishing campaigns. The information in the databases could be used to convince clients that they were talking to Broadvoice, so that they could be misled into disclosing more sensitive information or sending fraudulent payments.
People whose data appeared in the voicemail transcripts may be the most vulnerable, as the extra detail could be used to build convincing and effective phishing campaigns.
Comparitech researchers have previously explained that people are constantly scanning for unsecured databases, which are normally found within hours of being exposed. Their research showed that attempts were made to access their Elasticsearch honeypot within just 9 hours of the information being exposed. Once databases are indexed by search engines such as Shodan and BinaryEdge, attacks take place within a few minutes.
Comparitech researchers scan the internet to identify exposed records and send breach reports to the owners of the databases. Their purpose is to have the information secured and all relevant parties notified right away to limit the potential damage.