[BreachExchange] Call Center Provider Experiences Major Data Leak
Destry Winant
destry at riskbasedsecurity.com
Tue Mar 30 08:32:13 EDT 2021
https://www.hackread.com/call-center-provider-experiences-data-leak/
The exposed database was being updated in realtime with new logs while
1.48 million robocall logs were accessed by researchers initially.
The WebsitePlanet research team alongside Jeremiah Fowler, an IT
security researcher, discovered an insecure database that had no
password protection and contained a large number of phone call records
as well as VOIP (Voice Over Internet Protocol) related data.
The dataset was exposed for almost 24 hours and the database kept
growing in real-time with thousands of calls per hour being added to
the records.
>From the time when it was exposed till when it was secured again, the
database logged 1.48 million robocalls altogether and the majority of
the calls were outgoing but some call-backs were also logged.
The database belonged to 200 Networks, LLC, a company based in Reno,
Nevada. The security researchers informed the company of their
findings and 200 Networks restricted public access shortly after.
Since the database was open and visible in any browser and quite
easily publicly accessible, anyone with malicious intentions could
have made changes such as editing, downloading, or even deleting the
data without having any sort of administrative credentials.
In total, according to researchers, 1,481,280 records were accessible
and they continued to increase until the access was restricted.
Exposed records contained internal information, SIP, Caller ID, call
pathways IPs, and Ports.
Moreover, there were also Caller ID numbers in the form of the IP
address and then the phone number and “Destination Numbers” of the
recipients.
The unsuspecting callers are exposed to a variety of risks due to this
data breach. Other than the obvious breach of privacy due to the
exposition of their phone numbers, cybercriminals could also exploit
technical records such as IP addresses, Ports, Pathways, and storage
info to potentially access deeper into the network.
Even the company, 200 Networks, is affected largely because their
database was at risk for ransomware and according to researchers,
there was evidence of an automated Meow bot attack.
Further potential risks include the firm being attacked by middleware
and build information (this would allow for a secondary path for
malware) as well as the possibility of something called “phreaking.”
Phreaking would allow cybercriminals to not only get ‘free’ access to
the calling network but also intercept information from the calls such
as billing or payment information, sensitive business data, medical or
other personal information, voicemails, and the list goes on.
More information about the BreachExchange
mailing list