Once again a major data leak has happened due to a misconfigured server. This time, a security researcher found an ElasticSearch database that had been exposing millions of call logs, SMS/MMS logs, and plaintext names, login credentials and API keys for internal systems to the Internet for over half a year.
Threat actors could have easily obtained the highly sensitive information that was accessible since June of last year. The leaky database belongs to VOIPO, a provider of phone services over the Internet. After the security researcher alerted the company earlier this month, the server was taken offline.
Read more: VOIPO Database Exposes Millions of Texts, Call Logs