Tuesday, January 22, 2019

VoIPo.com Leak, VoIP Service Provider Lets A Huge User Data Database Open Online

 
Change your password if you are a VoIPo customer. VoIP provider left open a data base of real production data, follow the link below to learn more.

A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.

The researcher trawled using Shodan for something left out in the open that shouldn’t have been and is amazed at what they find. The finder of this leak was Cloudflare’s Justin Paine, who on 8 January used this technique to spot an unsecured (i.e. not password protected) Elasticsearch server containing nearly 15 million documents.


This included what appear to be customer logs dating back to July 2018, and SMS/MMS logs (including time and message content) dating back to December 2015. A sample SMS published by Paine appears to be a marketing message. The extend of the leak and data could be found at this article.

0 comments:

Blog Widget by LinkWithin