A server of Stratics Networks — a ringless voicemail provider — was left open and accessible to anyone with a web browser, exposing more than 100,000 incoming and outgoing call recordings, according to a published report.
The recordings were in 4,000 separate folders, each representing a customer’s campaign. Among the folders that were reviewed, one included calls made by counties in Florida reminding residents that election postal ballots were set to expire. Others included calls offering help preparing income tax returns and duct inspections. Some of the call recordings contained “sensitive” information, such as names, addresses, and dates of birth.
When notified of the exposed recordings, Stratics secured the server in question, which was hosted by Amazon Web Services.
Stratics records all of its voicemail “insertions” to ensure a message is actually dropped into an individual’s cell phone voicemail, but also records calls when someone picks up the phone, according to the published report. In some cases, ringless voicemails are not automatically dropped into an individual’s cell phone voicemail queue and instead are connected as an incoming call. As well, messages can include an option to initiate a live transfer to a call center agent. The recordings that were exposed were incoming calls, according to the published report.
Along with ringless voicemail, Stratics also offers voice broadcasting and bulk test message drops, according to the company’s website.
“We take compliance and data security very seriously, and we are currently investigating to determine to what extent, if any, information has been exposed to unauthorized access,” said Chris Collins, a spokesperson for Stratics, when contacted by TechCrunch about the exposed recordings. “We have currently engaged an outside legal firm to guide us in our investigation. We are also engaging a third party cyber security firm to perform a full internal security audit.”