CallX Data Breach (2020)

A US telemarketing company has leaked the personal details of potentially tens of thousands of consumers after misconfiguring a cloud storage bucket, Infosecurity can reveal. A team at vpnMentor led by Noam Rotem found the unsecured AWS S3 bucket on December 24 last year. It was traced to Californian business CallX, whose analytics services are apparently used by clients to improve their media buying and inbound marketing. According to its website, the firm counts lending marketplace Lendingtree, Liberty Mutual Insurance and smart security vendor Vivint among its customers. Rotem found 114,000 files left publicly accessibly in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable. Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers and more. With the leaked data, attackers could launch convincing phishing, fraud and vishing attacks, warned vpnMentor.