Led by Noam Rotem,vpnMentorsresearch team recently discovereda data breach from telemarketing company CallX.
Unfortunately,CallX failed to adequately secure audio recordings and text chat transcriptions from its clients.
As a result, over 100,000 private files were publicly accessible,compromising thousands of peoples privacy and safety.
The company marketstechnology and services to help businesses track and improve their media buying and inbound marketing operations.
CallXs software provides detailed analytics so clients can track the performance of their marketing campaigns and teams.
Numerous pages contain Lorem Ipsum placeholder text or simply dont work.
However, the company still boasts plenty of clients, including some well-known brands in the US.
Understanding a breach and its potential impact takes careful attention and time.
We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Many companies using AWS are not aware of this.
We immediately contacted CallX to notify it of the vulnerability and provide guidance on securing an S3 bucket.
Most of the files wereaudio recordings of phone conversationsbeing tracked by the companys marketing software.
There were alsotranscripts from over 2,000 text chats.
These conversations were taking place between CallX clients and their customers.
However, it appears thatCallX was storing data from various clients all in one place.
For CallX
CallX also faces several dangers as a result of the data breach.
The company is based in California, and many people affected by the data breach probably reside there.
Each of these outcomes could be detrimental to CallXs business and revenue in the short term and long term.
To learn about data vulnerabilities in general,read ourcomplete guide to online privacy.
It shows you the many ways cybercriminals target internet users and the steps you might take to stay safe.
They then examine each data store for any data being leaked.
Our team was able to access this S3 bucket because it was completely unsecured and unencrypted.
These ethics also mean we carry a responsibility to the public.
CallX users must be aware of a data breach that exposes so much of their sensitive data.
The purpose of this web mapping project is tohelp make the internet safer for all users.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
This has included uncovering potential criminal activities and scams targeting users onSpotify,Instagram, andFacebook.
We also revealed that a group offree VPNs were secretly tracking their users activityand data and leaking it online.
You may also want to read ourVPN Leak Report and Data Privacy Stats Report.
Help Us Protect the Internet!
Introducing The Leak Box.
