Broadvoice Data Leak Exposes 350 Million Personal Records

Broadvoice Data Breach

Unsecured Database Leaks Personal Records and Voicemails

On October 1, 2020, security researchers at Comparitech discovered an unsecured database belonging to Broadvoice, a cloud-based communication company, that contained more than 350 million customer records, including voice message transcripts. The exposed Elasticsearch database enclosed personal details such as caller names, caller identification number, phone number, and location along with voicemail transcripts. A separate collection held over two million voicemail records, 200,000 of which included transcripts from various organizations that use the cloud voicemail system such as medical clinics, insurance companies, and financial institutions disclosing medical information, mortgages, and loans information, and insurance policy numbers. Continue reading

What is Vishing? Voice Phishing Scams to Avoid

man on phone victim of vishing scam

What is vishing?

Vishing is a phone scam type of phishing attack. The word “vishing” comes from “voice” and “phishing”. Phishing scams are most often done through email, named by the idea that a fraudster is dangling a hook or a lure to get unsuspecting victims to reveal sensitive information, like usernames, passwords, or credit card details, through an email response or by clicking a link and entering the data on a website. In a vishing attack, a scammer uses a phone call to target their victims and steal information, money, or both.

Vishing can also be a type of social engineering scam — that is, the criminal uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is real and should be trusted. Vishing calls may come from a blocked number, or a fake or spoofed phone number used to impersonate a legitimate person or organization. Fraudsters also use robocalls to carry out vishing schemes on a larger scale. Continue reading