Cloud leak exposed sensitive data from over 200,000 voicemails

This site is reader-supported. When you click through links on our site, we may be compensated.

Close-up of two IT technician talking and looking at their digital tablets while examining servers.


vm via Getty Images

Some data leaks contain more sensitive info than most. Security researcher Bob Diachenko and Comparitech discovered (via Threatpost) that Broadvoice, a cloud VoIP provider for businesses, left over 350 million records exposed online in an unprotected cluster, including 2 million voicemail records with 200,000 transcripts. Many of those transcripts included sensitive data, and not just common elements like names and phone numbers — medical conditions, mortgages and insurance policies were all left open.

The largest general data collection, 275 million records, typically included full names, phone numbers, and cities.

The company told Comparitech that the data had been stored on September 28th and was locked down October 2nd, a day after Diachenko notified Broadvoice. There hasn’t been evidence of “misuse” so far, the company said. Marketing VP Rebecca Rosen told Threatpost that it believed “less than 10,000” businesses were impacted, although that doesn’t say how many of those companies’ customers were at risk.

The practical damage appears to have been limited as a result. Even so, this illustrates the dangers of insecure data. The wrong decision can expose vast amounts of info, and it can only take a subset of that data to create serious problems.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.