350 million customer details leaked in Broadvoice scandal

(Image credit: Shutterstock)

A huge data breach at US VoiP provider Broadvoice has exposed more than 350 million customer records, including names, phone numbers and even call transcripts. 

According to security researchers, a configuration error made it easy to access 10 databases belonging to the company. The discovery of the leak was made by Bob Diachenko, a security consultant, in collaboration with Comparitech, a technology research firm.

The leak is particularly concerning for two reasons. Firstly, the exposed call transcripts include voicemails left with medical outlets and financial services firms, representing a significant privacy breach. Secondly, the leaking of personally identifiable information could be put to use by cyberattackers in follow-up phishing campaigns.

Although Broadvoice acted quickly to patch the security flaw, it is too early to say with any certainty if the leaked data has been accessed. According to the Broadvoice CEO Jim Murphy, the relevant legal authorities have already been notified.

Open and exposed

“We are currently engaging a third-party forensics firm to analyze this data and will provide more information and updates to our customers and partners,” Murphy explained in a statement. “We cannot speculate further about this issue at this time. We sincerely regret any inconvenience this may cause.”

Initial reports suggest that the leak occurred because a Broadvoice database was left open without any authentication required for access.

VoiP calls are sometimes touted as being more secure than those that take place over traditional landline services. However, neither approach can completely safeguard user data. As the Broadvoice leak demonstrates, human error will continue to play an important role, even as security solutions become increasingly sophisticated.

Via Infosecurity

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.