Click For Photo: https://techcrunch.com/wp-content/uploads/2019/01/getty-opsec-21.jpg?w=536
An unprotected server storing millions of call logs and text messages was left open for months before they were found by a security researcher.
If you thought you’d heard this story before, you’re not wrong. Back in November, another telecoms company Voxox exposed a database containing millions of text messages — including password resets and two-factor codes.
Time - Company - Voipo - Lake - Forest
This time around, it’s a different company: Voipo, a Lake Forest, California communications provider, exposed tens of gigabytes worth of customer data.
Security researcher Justin Paine found the exposed database last week, and reached out to the company’s chief technology officer. Yet, the database was pulled offline before Paine even told him where to look.
Voipo - Provider - Business - Phone - Line
Voipo is a voice-over-internet provider, providing residential and business phone line services that they can control themselves in the cloud. The company’s backend routes calls and processes text messages for its users. But because one of the backend ElasticSearch databases wasn’t protected with a password, anyone could look in and see streams of real-time call logs and text messages sent back and forth.
It’s one of the largest data breaches of the year — so far — totaling close to seven million call logs, six million text messages, and other internal documents containing unencrypted passwords that if used could have allowed an attacker to gain deep access to the company’s systems.
Paine - Write-up - Database - June - Call
Paine said, and noted in his write-up, that the database was exposed since June 2018, and contains call and message logs dating back to May 2015. He told TechCrunch that the logs were updated daily and went up to January 8 — the day the database was pulled offline. Many of the files contained highly detailed call records of who called whom, the time and date, and more.
Some of the numbers in the call logs were scrubbed, Paine said, but text message logs...
Wake Up To Breaking News!
Sorry Mr. Franklin, we couldn't keep it.