Exploit: Unsecured Server
CallX: Telemarketing Firm
Risk to Small Business: 1.727 = Severe
An unsecured AWS S3 bucket has been leaking information gathered by CallX, whose analytics services are utilized by a wide array of companies including LendingTree, Liberty Mutual Insurance and Vivint to improve their media buying and inbound marketing. Discovered by researchers, 114,000 files were left publicly accessibly in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.
Individual Risk: 1.447 = Extreme
Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers and call details. The leaked data can be used to launch spear phishing attacks and other fraud.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information like this makes its way quickly to the bustling data markets and dumps on the dark web, seeding future trouble.