Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Telemarketing Biz Exposes 114,000 in Cloud Config Error
#1
Quote:A US telemarketing company has leaked the personal details of potentially tens of thousands of consumers after misconfiguring a cloud storage bucket, Infosecurity can reveal.
 
A team at vpnMentor led by Noam Rotem found the unsecured AWS S3 bucket on December 24 last year. It was traced to Californian business [color=var(--theme-link_a)]CallX, whose analytics services are apparently used by clients to improve their media buying and inbound marketing.[/color]
 
According to its website, the firm counts lending marketplace Lendingtree, Liberty Mutual Insurance and smart security vendor Vivint among its customers.
 
Rotem found 114,000 files left publicly accessibly in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.
 
Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers and more.
 
With the leaked data, attackers could launch convincing phishing, fraud and vishing attacks, warned vpnMentor.
 
“If cyber-criminals needed additional information, they could hijack calls logged by CallX and do fake ‘follow-up’ phone calls or emails posing as a representative of the relevant CallX client company,” it claimed.
 
“Using the transcripts, it would be easy to establish trust and legitimacy with targets in such schemes. As the people exposed have no apparent relationship to one another, by the time the fraud was discovered, it may be too late.”
 
CallX may also be at risk of regulatory scrutiny as it’s under the jurisdiction of new Californian privacy law CCPA.
 
Unfortunately, the bucket remains open at the time of writing. Both Infosecurity and vpnMentor have tried to contact CallX with no response. The research team first reached out to the firm on January 3 2021 and then to AWS on January 6. The cloud provider is also believed to have contacted CallX about the leak, and the US-CERT has been informed.
 
Misconfiguration of cloud storage isn’t just a security issue, it can quickly become a major business risk.
 
“Due to the bad publicity a data breach like this can create, CallX’s clients may distance themselves from the company and switch to rival software providers,” [color=var(--theme-link_a)]warned vpnMentor. “Those same rivals could exploit the breach to lure CallX clients away through negative marketing campaigns.”[/color]

Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Unsecured Database Exposes Personal Data of 35M U.S. Citizens mrtrout 0 969 08-04-2021 , 04:37 AM
Last Post: mrtrout
  Data breach exposes information of more than 200,000 MultiCare staff, patients Bjyda 0 1,316 03-13-2021 , 12:07 AM
Last Post: Bjyda
  NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks Bjyda 0 3,994 01-26-2021 , 11:51 PM
Last Post: Bjyda
  Update French daily Le Figaro database exposes users guardian 0 1,406 05-02-2020 , 07:23 AM
Last Post: guardian
  Unprotected Database Exposes Details of 93.4 Million Mexican Voters baziroll 0 2,536 04-22-2016 , 10:39 PM
Last Post: baziroll



Users browsing this thread: 1 Guest(s)