The exposed database was being updated in realtime with new logs while 1.48 million robocall logs were accessed by researchers initially.
The WebsitePlanet research team alongside Jeremiah Fowler, an IT security researcher, discovered an insecure database that had no password protection and contained a large number of phone call records as well as VOIP (Voice Over Internet Protocol) related data.
The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records.
From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged.
SEE: Marketing firm CallX leaks user data, call recordings
The database belonged to 200 Networks, LLC, a company based in Reno, Nevada. The security researchers informed the company of their findings and 200 Networks restricted public access shortly after.
Since the database was open and visible in any browser and quite easily publicly accessible, anyone with malicious intentions could have made changes such as editing, downloading, or even deleting the data without having any sort of administrative credentials.
In total, according to researchers, 1,481,280 records were accessible and they continued to increase until the access was restricted. Exposed records contained internal information, SIP, Caller ID, call pathways IPs, and Ports.
Moreover, there were also Caller ID numbers in the form of the IP address and then the phone ..
Support the originator by clicking the read the rest link below.
