Marketing firm CallX exposed customers data including call recordings

Marketing firm CallX exposed customers data including call recordings


 


Recently, there has been a data breach from a telemarketing company called CallX which sells marketing services and software to enterprise clients, allowing businesses to track the performance of their media buying and telemarketing marketing operations.


The data breach was discovered by vpnMentor’s Research team led by Noam Rotem. According to their report, Over a hundred thousand private files (including audio recordings and text chat transcriptions) were publicly accessible which compromised thousands of people’s privacy and safety. 


SEE: ViceLeaker Android malware steals call recordings, photos, videos & texts


CallX was using an unsecured Amazon Web Services S3 bucket to store audio client files. These buckets are a popular form of enterprise cloud storage but they also require users to set up their own security protocols and many companies using AWS are not aware of this.


The research team discovered CallX’s S3 bucket and was able to view it due to insufficient security. CallX was storing data from various clients all in one place and in the audio and text conversations, customers revealed vast amounts of private information including full names, phone numbers, home addresses, call back dates for phone calls, and additional personal information.


In a blog post, VpnMentor warned that with the leaked data, attackers could launch convincing phishing and fraud attacks and stated, “If cyber-criminals needed additional information, they could hijack calls logged by CallX and do fake ‘follow-up’ phone calls or emails posing as a representative of the relevant CallX client company.” 



 


Due to the data breach, not only their customers will be ..