Comparitech security researcher Bob Diachenko has found an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications provider Broadvoice. The databases store the records of more than 350 million clients.
The exposed Elasticsearch cluster was identified on October 1, 2020, when the Shodan.io search engine indexed it. The cluster held 10 collections of data. The largest collection contained 275 million files and included caller names, phone numbers, and caller locations, along with other sensitive information. One database in the cluster consisted of transcribed voicemail messages containing sensitive records such as details of financial loans and prescribed medications. That subset held over 2 million voicemail records, 200,000 of which were transcribed.
The voicemail records included telephone numbers, caller names, internal identifiers, and voicemail box identifiers, and the transcripts contained personal details including full names, birth dates, phone numbers, and other details. Voicemails retained at medical clinics included particulars of prescriptions and medical procedures. Data about loan inquiries was also exposed, together with a number of insurance policy numbers.
Diachenko notified Broadvoice about the breached Elasticsearch cluster, and the company took immediate action to block any unauthorized access. Broadvoice CEO Jim Murphy said that they learned on October 1st that a security researcher had obtained access to a subset of b-hive files. The data had been stored in a storage service that was inadvertently left unsecured on September 28th and was secured again on October 2nd. Diachenko confirmed on October 4, 2020 that the Elasticsearch cluster was no longer accessible.
At this time, there is no reason to think the data was misused. A third-party forensics company is analyzing the information and will give more details and updates to consumers and partners.
Broadvoice submitted a breach report to law enforcement and is looking into the breach. It is currently unknown whether anyone other than Diachenko located and accessed the databases.
Although the majority of the databases contained only limited data, attackers would find it valuable and could use it to quickly target Broadvoice clients in phishing scams. The records in the database could be used to convince consumers that they are in contact with Broadvoice, and they may then be fooled into disclosing other sensitive information or making fraudulent payments.
Persons whose data was listed in the voicemail transcripts are most at risk, as the additional data could be used to craft convincing and enticing phishing campaigns.
Comparitech researchers have previously shown that people are continually scanning for unsecured databases and that such databases are frequently found within hours of exposure. Their research confirmed that attempts were made to access their Elasticsearch honeypot within 9 hours of the data's exposure. When databases are indexed by search engines like Shodan and BinaryEdge, attacks happen within just a couple of minutes.
Comparitech researchers monitor the internet to find exposed records and send breach reports to the database owners. Their aim is to have the data secured and all related parties informed immediately to limit the potential damage.