Computer techologies

VOIPO's unsecured server stored millions of SMS messages and call logs.

");} else {$ ('# mpu0-desktop'). remove (); console.log ('mpu0-desktop removed');}});

");} else {$ ('# mpu1-desktop'). remove (); console.log ('mpu1-desktop removed') ;}});

We recommend to read: [19659008] Xakep # 237. Darknet 2018
  • Issue Content
  • Hacker Subscription

The head of Trust & Safety at CloudFlare, Justin Paine, using a banal search through Shodan, discovered the unprotected ElasticSearch installation, which later became clear belonged to the Californian VoIP-telephony provider VOIPO. The unprotected database found by Paine contained data from the company's customers for at least the last four years.

In total, the expert found 6.7 million call logs, with partial phone numbers of the calling and receiving parties, time stamps, data on the duration of calls. The oldest magazines were dated July 2017. Also on the server were stored 6 million SMS / MMS, including time stamps and the contents of the messages themselves. The oldest of them were dated December 2015. In addition, about a million documents contained API keys for various internal systems, and sometimes you could even stumble upon usernames and passwords in plain text format.

The expert notes that the main problem in this case is the leaked credentials, the use of which In theory, attackers could have led to a complete compromise of various systems.

At the present time, VOIPO employees have already solved the problem and secured the problematic ElasticSearch installation. The company reported that the server was used for test needs and was left unprotected accidentally, and also confirmed that the database contained “reliable data”, but did not specify which ones.