- Gillette ad showing a dad teaching his trans son how to shave has the internet in tears 2 Years Ago
- 4chan’s new troll campaign aims to make the hashtag a white supremacist symbol Today 2:49 PM
- Here’s what that ‘cliff wife’ meme is all about Today 12:58 PM
- Artist suspended from Facebook, Instagram after posting anti-MAGA artwork Today 12:04 PM
- How to watch Serie A online for free Today 7:30 AM
- What does ‘uwu’ mean? Today 7:00 AM
- How to uninstall the Epic Games Launcher (for real) Today 6:30 AM
- How to watch the Indianapolis 500 online for free Today 6:00 AM
- Ohio KKK rally met with massive counter-protest and witty signs from local businesses Saturday 5:06 PM
- Guy who said he stole drugs from MS-13 now says viral story is fake Saturday 4:07 PM
- Financial service company left 885 million private records exposed online Saturday 3:13 PM
- Sasha Obama went to prom and Twitter is delighted with the photos Saturday 2:22 PM
- Jon Voight says Trump is the greatest president since Lincoln in Twitter videos Saturday 1:31 PM
- #DeleteFacebook gains momentum after the platform refused to remove doctored Nancy Pelosi videos Saturday 11:58 AM
- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Saturday 7:40 AM
Major leak exposes 400K recorded telemarketing calls, thousands of credit card numbers
The leak reveals the downside to being ‘recorded for quality assurance.’
A massive data breach of at least one telemarketing firm has exposed thousands of recorded telephone conversations in which customers provided sensitive information, including their credit card details.
Earlier this month, security researchers discovered several hundred thousand recorded phone conversations in an unsecured database online. The calls originate from a server named “VICIMARKETING.” It is unclear from the recordings heard by the Daily Dot whether the audio files belong to VICI Marketing, LLC, a Largo-area telemarketing service, or another firm.
As many as 375,000 recorded calls appear to be unsolicited “cold calls” to U.S. residents, a portion of which contain at least some personally identifiable information.
More than 17,000 recordings, however, are believed to contain sensitive details about telemarketing customers, including names, billing addresses, and credit card numbers, along with card expiration dates and three-digit card security codes (CVV)—everything an identity thief would need to rack up fraudulent bank charges online.
The data breach, which was secured as of Thursday, was first discovered during a routine security audit by the MacKeeper Security Research Center, a subsidiary of the international IT firm Kromtech Alliance. Due to the vast amount of data leaked, it may take several weeks to fully evaluate the impact of the breach, a researcher said. (Kromtech says it plans to destroy the leaked data once its damage assessment is complete.)
Kromtech has in the past worked closely with law enforcement and the U.S. Department of Homeland Security in cases where leaked data became part of a criminal investigation. One thing is clear, the IT firm said: “There is enough information in each call to provide cyber criminals with all they need to steal the credit card information or commit a wide range of crimes.”
Jeremiah Fowler of the MacKeeper research team warns that companies must take “every precaution” to secure their customers’ financial information. “It does not matter if they are spreadsheets, scanned images, or in this case nearly 400,000 audio recordings,” he said.
In one of the audio recordings played for the Daily Dot, a customer service representative can be heard identifying himself as an employee of Quality Resources, a customer acquisition firm based in Clearwater, Florida. (Quality Resource and VICI Marketing have employed several of the same people, according to LinkedIn.)
At the top of the call, the rep is heard warning a customer that, “For quality control, this call may be recorded.” The customer is then prompted to confirm personal information about himself, including, twice, complete credit card information.
In 2008, the Tampa Bay Times reported that VICI Marketing agreed to pay $350,000 to settle a complaint by the Florida Attorney General’s office, which accused the company of obtaining stolen data on U.S. consumers. The company was also fined the previous year for employing unlicensed telemarketers, including some who had felony convictions for fraud and identity theft.
The Tampa Bay newspaper further reported that VICI Marketing claimed to have halted consumer telemarketing operations in December 2007, to focus instead on business-to-business sales.
VICI Marketing could not be reached for comment. A phone number on its website no longer appears to reach the company, and the only email address—designated for hiring purposes—did not immediately respond to a request for comment. Calls to Quality Resource returned only a busy signal.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.