Unsecured Database Leaks Personal Records and Voicemails
On October 1, 2020, security researchers at Comparitech discovered an unsecured database belonging to Broadvoice, a cloud-based communication company, that contained more than 350 million customer records, including voice message transcripts. The exposed Elasticsearch database enclosed personal details such as caller names, caller identification number, phone number, and location along with voicemail transcripts. A separate collection held over two million voicemail records, 200,000 of which included transcripts from various organizations that use the cloud voicemail system such as medical clinics, insurance companies, and financial institutions disclosing medical information, mortgages, and loans information, and insurance policy numbers.
The Danger Lurks in Phishing, Vishing, and Smishing
Robocalls made with a familiar phone number or texts asking you to confirm an appointment may sound more convincing when the crook on the phone has more details than ever about your day to day life. Scammers are prepared to deploy bulk vishing and smishing messages to capture victims’ Personally Identifiable Information (PII) as soon as the opportunity arises through easy access to unsecured databases. Data leaks like this help facilitate fraudulent activities once it makes its way to cybercriminals through the Dark Web. Fueled with extra details from previous data breaches, fraudsters are able to manipulate their messaging and get you to share sensitive information that may result in loss of money, credit card fraud, medical identity theft, and identity fraud. Just because emails may not have been exposed in this particular security incident does not leave victims any safer from phishing scams. With the number of personal records and databases hackers have access to, it’s as easy as a phone number search.
Resources to Safeguard Your Personal Information
- Think before you share. If a phone call sounds suspicious, hang up. Calling the number back will only connect you with the scammer again. Look up the correct number yourself through an organization’s website or phone directory if you want to confirm the status of the topic at hand.
- Register for the FTC National Do Not Call Registry or use a call blocker app. These tasks can help reduce the number of unwanted scam and robocalls you receive, but it’s not foolproof. FCC has been working with telecommunications providers to create new ways to digitally validate Caller IDs (through the so-called STIR/SHAKEN authentication standards). This would greatly reduce the incidence of spoofing, and we think it would bring welcome relief to millions of Americans.
- Keep scams top of mind. Scammers will never stop scamming as long as your personal information is up from grabs.