Voipo Database Exposed SMS Messages

Back in November a company called Voxox exposed an SMS database with millions of text messages. Now it’s revealed a company called Voipo did the same thing (via TechCrunch).

[Latest Data Breach: SMS Text Database Exposed]

Voipo Exposed

Voipo, a communications provider out of Lake Forest, California, exposed tens of gigabytes of customer data. Security researcher Justin Paine discovered the database last week, and reached out to inform the company’s CTO.

But before Mr. Paine told them where to look, the database had been taken offline, suggesting the company was aware of the problem. It’s a huge database containing 7 million call logs, 6 million text messages, and internal documents with passwords store in plain text.

image of voipo message log
The message logs contained the full content of text messages. Image credit: Justin Paine

VOIPO indicated this was a development server that had accidentally been left publicly accessible. However, they also confirmed in their reply to me that the database also contained “valid data” — i.e. real production data. They did not specify which data was allegedly development data and which was production data though. 

Justin Paine

Voipo CEO Timothy Dick said the company found no evidence in logs or on its network that a data breach happened.

[Chinese Hackers Responsible for Marriott Data Breach]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.