Nearly four years of call data left exposed on open web
In January 2019, the security researcher Justin Paine discovered that the California-based voice over IP provider Voipo had left exposed an unprotected database containing tens of gigabytes of call logs, other internal documents, and customer text messages, including password resets and two-factor authentication codes, all dated between May 2015 and January 8, 2019. The material could have given an attacker deep access to the company's systems. When Paine contacted the company's chief technology officer, the database was taken offline before Paine even told him where to look. The logs also contained credentials that granted access to Voipo's provider of E911 services. None of the data was encrypted.
Writer: Zack Whittaker