Broadvoice leak: voicemail and transcripts exposed

The now well-known security researcher Bob Diachenko, in collaboration with the Comparitech team, discovered a leak that interested the company Broadvoice specialized in VoIP services: a server containing about 350 million records remained exposed and reachable by anyone. Of these, 2 million refer to voicemail and another 200,000 to transcripts of messages exchanged.

Security incident for the Broadvoice provider

Potentially huge risks for privacy: we talk about communications with references to the health conditions of patients treated in the clinics that have relied on the platform as well as to the financial situations of customers followed by banking institutions. To this are added names, surnames, telephone numbers, addresses etc. Approximately 10,000 companies would be affected, all Broadvoice customers.

The archive appears to have remained on display for the period from 28 September to 2 October, taken offline the day after the report. At the moment there are no reports of abuse, but it cannot be ruled out that someone has downloaded or consulted it with the intention of using it for malicious purposes: phishing campaigns or other types of scams.

This is not the first story of this type that we report on these pages. Unfortunately, similar incidents have multiplied over the last few years: an indirect consequence of the shift of more and more services to the cloud which for obvious reasons must be accompanied by the adoption of adequate measures to ensure the security of the information collected, processed and stored.

Source: Threatpost