The database could be viewed with no authentication required for access. The issue was detected by Comparitech researchers, who discovered the unprotected Elasticsearch cluster. The cluster contained several data collections comprising a total of more than 350 million records, including caller names, phone numbers, and locations, among other data.
One database included transcriptions of hundreds of thousands of voicemails, many involving sensitive information such as details about medical prescriptions and financial loans. Broadvoice reported the breach to law enforcement and is investigating it.
Delving into the issue for Digital Journal, Keith Neilson, Technical Evangelist at CloudSphere, looks at the recurring issues affecting databases.
Neilson says: “A database left open without any authentication required for access is a surefire way for cybercriminals to obtain sensitive data. Fraudsters can leverage details in the 350 million exposed records to impersonate customers and launch targeted attacks like spearphishing campaigns to gain additional resources.”
Spearphishing is a type of email scam aimed at a specific individual, organization or business. The aim is often to steal data for malicious purposes; alternatively, cybercriminals can use the attack to install malware on a targeted user’s computer.
In terms of particular vulnerabilities, Neilson says: “Incidents like this are often caused by a lack of proper security and access management policies that alert businesses of any changes in policy and subsequent risks (like an expired or removed password). It’s critical for enterprises to adopt tools that provide full visibility of cloud environments to ensure data stays secure.”