Estimated reading time: 2 minutes, 29 seconds

350 Million Customer Records Exposed due to Broadvoice Leak Featured

350 Million Customer Records Exposed due to Broadvoice Leak Daan Mooij

Broadvoice takes data privacy and security seriously read the first sentence of the US-based cloud VoiP provider’s press release published on October 15, 2020 via Threatpost. For five days between September 28th and October 2nd, over 350 million customer records were left exposed online where anyone could access them.  

Voicemail recordings and over 200,000 transcripts were among the exposed records which included sensitive information such as phone numbers, medical conditions, and insurance policies.

The data leak was discovered by Security researcher Bob Diachenko and Comparitech on October 1st. Diachenko promptly told Broadvoice of their finding which lead to the data being secured the next day. But for four days, sensitive information was left unattended where criminals could obtain critical information about Broadvoice’s customers that they could turn around and use nefariously.

In the same press release, Broadvoice CEO Jim Murphy stated, “At this point, we have no reason to believe that there has been any misuse of the data.” He noted that the authorities have been informed and they will be investigating the matter.

When asked for comment, Comparitech explained, “The leaked database represents a wealth of information that could help facilitate targeted phishing attacks. In the hands of fraudsters, it would offer a ripe opportunity to dupe Broadvoice clients and their customers out of additional information and possibly into handing over money.” The pro-consumer website based in the United Kingdom noted that a hacker could use the information found in the exposed database to coheres customers into thinking that they work for the company – convincing them to hand over their login credentials or other sensitive data. This form of hacking is also known as a phishing attack.

According to Privacy Rights Clearinghouse, there have been over 9,000 data breaches between 2005 and 2018 with an average breach costing roughly $4 million dollars. While many organizations invest in secure technology to keep their data safe, data breaches are becoming all the more common as hackers become more advanced. In fact, according to Cybersecurity Ventures, the cost of cybercrimes will reach $6 trillion dollars by 2021. These are just some cybercrime statistics that prove companies have to be vigilant in protecting their data – which makes Broadvoice’s flub that much more alarming.

It is too early to speculate whether or not Diachenko was the only person to view those exposed records or how many of Broadvoice’s customers the mishap affected. So far Broadvoice has launched an investigation, alerted the federal law enforcement and is working with Diachenko to make sure he destroys all of the records he found. At the moment the company stated, we have no reason to believe that there has been any misuse of the data.”

The investigation is ongoing but Broadvoice has assured the public that they have hired a third-party forensic firm to analyze the data. In the press release, the company promises, “We will provide more information and updates to our customers and partners upon completion of the investigation. We cannot speculate further about this issue at this time.”

 

Read 247 times
Rate this item
(0 votes)
Danielle Loughnane

Danielle Loughnane earned her B.F.A. in Creative Writing from Emerson College and has currently been working in the data science field since 2015. She is the author of a comic book entitled, “The Superhighs” and wrote a blog from 2011-2015 about working in the restaurant industry called, "Sir I Think You've Had Too Much.” In her spare time she likes reading graphic novels and snuggling with her dogs.

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.