Back to Blog

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

January 17, 2019

By: mirabiliscorp

 

A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication.

VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud VoIP, and VoIP services to residentials and small businesses.

Justin Paine, the head of Trust & Safety at CloudFlare, discovered an open ElasticSearch database last week using the Shodan search engine and notified the VOIPO’s CTO, who then promptly secured the database that contains at least 4 years of data on its customers.

According to Paine, the database contained 6.7 million call logs dating back to July 2017, 6 million SMS/MMS logs dating back to December 2015, and 1 million logs containing API key for internal systems.

While the call logs included timestamp and duration of VOIPO customers’ VOIP calls and partial originating and destination phone numbers of those calls, the SMS and MMS logs even included the full content of messages.

Besides this, the unprotected database also stored 1 million logs containing references to internal hostnames, some of which also included plaintext usernames and passwords for those systems. These sensitive values were exposed since June 3, 2018.

More: https://thehackernews.com/2019/01/voip-service-database-hacking.html?fbclid=IwAR3MUyHbfv8Ck5QBrrxXi-Bci8vQiRZWGI8v1YxdPIjuQnZACpC4QEUfx-Y&&m=1

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.