A database with no password protection, containing millions of log records, has been found online.
Discovered by security researcher Jeremiah Fowler on October 28, the 138 million log records contained information that identified PrankDial.com as the owner of the database.
PrankDial is the world’s #1 prank calling service, according to the website. Its parent company, KickBackApps, creates a range of apps including PhoneLine, PrankPad, PrankDial and Textr.
Upon further investigation, Fowler discovered that the database contained 138 million log records in total, exposing user emails, credentials, password reset tokens and user IP addresses.
In addition, the database contained internal IP addresses, ports, pathways and storage info that threat actors could exploit to gain deeper access to the network.
Fowler has attempted to contact KickBack Apps and PrankDial multiple times, but no one has yet replied to acknowledge the discovery; instead, they have closed public access to the logs.
“It should be noted that I did not see phone numbers. I can only assume that the numbers are routed through a VOIP server and did not appear to be part of this dataset,” said Fowler.
The post #Privacy: Prank calling service exposes 138m records online appeared first on PrivSec Report.