{
	"id": "47227186-dcba-4921-af89-95ebc7edd8e2",
	"created_at": "2026-04-06T00:16:51.084689Z",
	"updated_at": "2026-04-10T03:20:47.947419Z",
	"deleted_at": null,
	"sha1_hash": "3e59247d54ee62ac7e2140652e6e2d51d5acdcb3",
	"title": "Broadvoice database of more than 350 million customer records exposed online",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1184985,
	"plain_text": "Broadvoice database of more than 350 million customer records\r\nexposed online\r\nBy Paul Bischoff\r\nPublished: 2020-10-15 · Archived: 2026-04-05 14:33:20 UTC\r\nA Broadvoice database cluster holding more than 350 million records, many including personal details and\r\nvoicemail transcripts of Broadvoice clients’ customers, was left open online for anyone to view with no\r\nauthentication required for access, as discovered by Comparitech researchers.\r\nSecurity expert Bob Diachenko, working on behalf of Comparitech, uncovered the database information on\r\nOctober 1. He discovered the unprotected Elasticsearch cluster, which contained several data collections\r\ncomprising a total of more than 350 million records including caller names, phone numbers, and locations, among\r\nother data. One database included transcriptions of hundreds of thousands of voicemails, many involving sensitive\r\ninformation such as details about medical prescriptions and financial loans.\r\nBroadvoice CEO Jim Murphy gave Comparitech the following statement:\r\nBroadvoice takes data privacy and security seriously. We learned that on October 1st, a security\r\nresearcher was able to access a subset of b-hive data. The data had been stored in an inadvertently\r\nunsecured storage service Sept. 28th and was secured Oct. 2nd.\r\nThe company is taking the following steps to address the situation:\r\nWe launched an investigation and ensured the data had already been secured.\r\nWe alerted federal law enforcement and offered our full cooperation.\r\nWe are working with the security researcher to ensure that the data he accessed is destroyed.\r\nAt this point, we have no reason to believe that there has been any misuse of the data. We are\r\ncurrently engaging a third-party forensics firm to analyze this data and will provide more\r\ninformation and updates to our customers and partners. We cannot speculate further about this issue at\r\nthis time.\r\nWe sincerely regret any inconvenience this may cause.\r\nTimeline of the exposure\r\nHere’s a timeline of events as far as we are aware:\r\nOctober 1, 2020: Diachenko discovered the database. This is also the date that the database was first\r\nindexed by search engine Shodan.io. The same day, Diachenko sent a responsible disclosure to Broadvoice.\r\nHe received an automated reply but no further correspondence.\r\nOctober 4, 2020: The database had been secured.\r\nhttps://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nPage 1 of 6\n\nAt this time, we do not know if unauthorized parties accessed the database during the time it was left available to\r\nthe public.\r\nWhat data was exposed?\r\nThe leaked data was stored in an Elasticsearch cluster that at the time of discovery did not need a password or\r\nother authentication to access it. The cluster included around 10 collections, the largest of which held more than\r\n275 million records that included the following:\r\nFull caller name\r\nCaller identification number\r\nPhone number\r\nState\r\nCity\r\nAnother collection held over two million voicemail records, at least 200,000 of which included transcripts. Most\r\nof these records contained:\r\nCaller name (full name, business name, or a generic name such as “wireless caller”)\r\nCaller phone number\r\nA name or identifier for the voice mailbox (for example, a first name or general label, such as “clinical\r\nstaff” or “appointments”)\r\nInternal identifiers\r\nhttps://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nPage 2 of 6\n\nMany of the transcripts included select personal details such as full name, phone number, and date of birth, as well\r\nas some sensitive information. For example, some transcripts of voicemails left at medical clinics included names\r\nof prescriptions or details about medical procedures. In one transcript, the caller identified themselves by their full\r\nname and discussed a positive Covid-19 diagnosis.\r\nOther voicemails left for financial service companies included details about mortgages and other loans, while\r\nthere was at least one instance of an insurance policy number being disclosed.\r\nA collection entitled “people-production” appeared to contain account details for Broadvoice users. Looking at\r\naccount ID numbers, we were able to cross-reference entries with records in other collections. Based on\r\ninformation in this collection, it appears that most, if not all, of the exposed data pertains to users of XBP, a\r\nplatform that Broadvoice acquired several years ago.\r\nThe dangers of exposed data\r\nThe leaked database represents a wealth of information that could help facilitate targeted phishing attacks. In the\r\nhands of fraudsters, it would offer a ripe opportunity to dupe Broadvoice clients and their customers out of\r\nadditional information and possibly into handing over money. For example, criminals could pose as Broadvoice or\r\none of its clients to convince customers to provide things like account login credentials or financial information.\r\nAnyone whose data has been exposed in the leak should be on the lookout for emails, text messages, or phone\r\ncalls that ask for personal information. You should also avoid clicking on links or attachments in emails or\r\nmessages unless you absolutely trust the sender.\r\nOf particular concern here are the details in some of the voicemail transcripts. Information about things like\r\nmedical prescriptions and loan enquiries could be used to make messages extremely convincing and persuasive.\r\nPerhaps more concerning, some details such as insurance policy numbers and enquiries about financial loans\r\ncould be used in fraud attempts without any need for phishing. Customers should keep a close eye on financial\r\nhttps://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nPage 3 of 6\n\nstatements and credit reports.\r\nAbout Broadvoice\r\nBroadvoice is a communications company offering several services to businesses including cloud PBX (an all-in-one cloud communication platform for connecting with customers), SIP trunking (multimedia IP communication\r\nnetworks), and contact center solutions.\r\nBroadvoice acquired XBP in 2017 to take advantage of its proprietary communications software. It has since\r\nretired the XBP brand, but the software remains an integral part of Broadvoice’s offerings.\r\nAs far as we know, neither company has been involved in a data leak prior to this exposure.\r\nWhy we reported this data incident\r\nSecurity researchers at Comparitech scan the internet looking for accessible databases that hold personal details.\r\nWhen we discover unsecured data, we determine what information is exposed, who it pertains to, who is\r\nresponsible for it, and what the potential impact of the exposure could be.\r\nWe then work quickly to inform responsible parties of the data leak so that the information can be secured. Then,\r\nin order to help raise awareness of data exposures in general and inform affected parties of this particular incident,\r\nwe publish a report (such as this one). Our aim is to have the data secured and all relevant parties informed as\r\nquickly as possible to minimize the potential damage caused.\r\nPrevious data incident reports\r\nThe Comparitech security team has uncovered many breaches similar to this one. Here are some of the reports\r\nwe’ve published:\r\nhttps://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nPage 4 of 6\n\nUser logs including passwords of millions of UFO VPN customer exposed online\r\nTelmate exposes the personal info and messages of millions of prison inmates\r\n2.7 billion email addresses and many passwords exposed online\r\nExposure involving 600,000 records of Town Sports staff and members\r\nMore than 260 million Facebook credentials leaked on a hacked forum\r\nData leak involves over 2.5 million CenturyLink customer records\r\nRecords of almost 8 million UK online purchases leaked\r\n42 million phone numbers and user IDs of Iranian Telegram users exposed\r\n250 million Microsoft customer records leaked\r\nSocial media broker exposes 235 million scraped profiles\r\nWriter:\r\nPaul Bischoff\r\nhttps://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nPage 5 of 6\n\nTech Writer, Privacy Advocate and VPN Expert\r\nPaul is Comparitech’s editor and a regular commentator on cyber security and privacy topics in national and\r\ninternational media including New York Times, BBC, Forbes, The Guardian and many others. He's been writing\r\nabout the tech industry since 2012 for publications like Tech in Asia, Mashable, and various startup blogs. Paul\r\nhas an in-depth ... Read more\r\nSource: https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nhttps://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/"
	],
	"report_names": [
		"350-million-customer-records-exposed-online"
	],
	"threat_actors": [],
	"ts_created_at": 1775434611,
	"ts_updated_at": 1775791247,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3e59247d54ee62ac7e2140652e6e2d51d5acdcb3.pdf",
		"text": "https://archive.orkl.eu/3e59247d54ee62ac7e2140652e6e2d51d5acdcb3.txt",
		"img": "https://archive.orkl.eu/3e59247d54ee62ac7e2140652e6e2d51d5acdcb3.jpg"
	}
}