Some data leaks contain more sensitive info than most. Security researcher Bob Diachenko and Comparitech discovered (via Threatpost) that Broadvoice, a cloud VoIP provider for businesses, left over 350 million records exposed online in an unprotected cluster, including 2 million voicemail records with 200,000 transcripts. Many of those transcripts included sensitive data, and not just common elements like names and phone numbers — medical conditions, mortgages and insurance policies were all left open.
The largest general data collection, 275 million records, typically included full names, phone numbers, and cities.
The company told Comparitech that the data had been stored on September 28th and was locked down October 2nd, a day after Diachenko notified Broadvoice. There hasn’t been evidence of “misuse” so far, the company said. Marketing VP Rebecca Rosen told Threatpost that it believed “less than 10,000” businesses were impacted, although that doesn’t say how many of those companies’ customers were at risk.
The practical damage appears to have been limited as a result. Even so, this illustrates the dangers of insecure data. The wrong decision can expose vast amounts of info, and it can only take a subset of that data to create serious problems.