A huge data breach at US VoiP provider Broadvoice has exposed more than 350 million customer records, including names, phone numbers and even call transcripts.
According to security researchers, a configuration error made it easy to access 10 databases belonging to the company. The discovery of the leak was made by Bob Diachenko, a security consultant, in collaboration with Comparitech, a technology research firm.
The leak is particularly concerning for two reasons. Firstly, the exposed call transcripts include voicemails left with medical outlets and financial services firms, representing a significant privacy breach. Secondly, the leaking of personally identifiable information could be put to use by cyberattackers in follow-up phishing campaigns.
- We've put together a list of the best password managers out there
- The best antivirus rescue disks
- Also, check out our analysis of whether paid or free antivirus is right for you
Although Broadvoice acted quickly to patch the security flaw, it is too early to say with any certainty if the leaked data has been accessed. According to the Broadvoice CEO Jim Murphy, the relevant legal authorities have already been notified.
Open and exposed
“We are currently engaging a third-party forensics firm to analyze this data and will provide more information and updates to our customers and partners,” Murphy explained in a statement. “We cannot speculate further about this issue at this time. We sincerely regret any inconvenience this may cause.”
Initial reports suggest that the leak occurred because a Broadvoice database was left open without any authentication required for access.
VoiP calls are sometimes touted as being more secure than those that take place over traditional landline services. However, neither approach can completely safeguard user data. As the Broadvoice leak demonstrates, human error will continue to play an important role, even as security solutions become increasingly sophisticated.
- We've also highlighted the best antivirus software