The exposed database was being updated in realtime with new logs while 1.48 million robocall logs were accessed by researchers initially.
The WebsitePlanet research team alongside Jeremiah Fowler, an IT security researcher, discovered an insecure database that had no password protection and contained a large number of phone call records as well as VOIP (Voice Over Internet Protocol) related data.
The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records.
From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged.
The database belonged to 200 Networks, LLC, a company based in Reno, Nevada. The security researchers team informed the company of their findings and 200 Networks restricted public access shortly after.
Since the database was open and visible in any browser and quite easily publicly accessible, anyone with malicious intentions could have made changes such as editing, downloading, or even deleting the data without having any sort of administrative credentials.
In total, according to researchers, 1,481,280 records were accessible and they continued to increase until the access was restricted. Exposed records contained internal information, SIP, Caller ID, call pathways IPs, and Ports. Moreover, there were also Caller ID numbers in the form of the IP address and then the phone number and “Destination Numbers” of the recipients.
The unsuspecting callers are exposed to a variety of risks due to this data breach. Other than the obvious breach of privacy due to the exposition of their phone numbers, cybercriminals could also exploit technical records such as IP addresses, Ports, Pathways, and storage info to potentially access deeper into the network.
Even the company, 200 Networks, is affected largely because their database was at risk for ransomware and according to researchers, there was evidence of an automated Meow bot attack.
Further potential risks include the firm being attacked by middleware and build information (this would allow for a secondary path for malware) as well as the possibility of something called “phreaking.”
Phreaking would allow cybercriminals to not only get ‘free’ access to the calling network but also intercept information from the calls such as billing or payment information, sensitive business data, medical or other personal information, voicemails, and the list goes on.