- Post-Prime Day recap: Shipping delays, more sales, and a scam 2 Years Ago
- Jacob Wohl returns to Twitter … for now Today 1:56 PM
- How to stream WWE Raw Reunion Today 1:35 PM
- ‘I hope Trump deports you’: Woman goes on racist rant to Spanish speakers at a store Today 1:24 PM
- Emoji Mashup Bot gives life to unidentifiable emotions Today 1:15 PM
- Notorious grifter Anna Sorokin reportedly blocked from profiting off Netflix series Today 12:45 PM
- Charlottesville attacker’s Twitter account included praise for Hitler Today 12:10 PM
- ‘Short Treks’ trailer: Spock, Pike, and Number One return Today 11:57 AM
- Everything we know about ‘Star Trek: Lower Decks,’ the new animated show Today 11:55 AM
- Cole Carrigan says he left Team 10 after being called homophobic slur Today 11:32 AM
- Cop under investigation after implying Ocasio-Cortez should be shot Today 11:07 AM
- The ‘Big Little Lies’ finale sucked—but at least we have Renata Today 11:01 AM
- Wendy Davis announces she’s running for Congress Today 10:45 AM
- Please stop being horny on main for #IceBae and other horrible people Today 10:02 AM
- Illinois Republicans share ‘jihad squad’ meme of 4 Dem congresswomen Today 9:05 AM
Major leak exposes 400K recorded telemarketing calls, thousands of credit card numbers
The leak reveals the downside to being ‘recorded for quality assurance.’
A massive data breach of at least one telemarketing firm has exposed thousands of recorded telephone conversations in which customers provided sensitive information, including their credit card details.
Earlier this month, security researchers discovered several hundred thousand recorded phone conversations in an unsecured database online. The calls originate from a server named “VICIMARKETING.” It is unclear from the recordings heard by the Daily Dot whether the audio files belong to VICI Marketing, LLC, a Largo-area telemarketing service, or another firm.
As many as 375,000 recorded calls appear to be unsolicited “cold calls” to U.S. residents, a portion of which contain at least some personally identifiable information.
More than 17,000 recordings, however, are believed to contain sensitive details about telemarketing customers, including names, billing addresses, and credit card numbers, along with card expiration dates and three-digit card security codes (CVV)—everything an identity thief would need to rack up fraudulent bank charges online.
The data breach, which was secured as of Thursday, was first discovered during a routine security audit by the MacKeeper Security Research Center, a subsidiary of the international IT firm Kromtech Alliance. Due to the vast amount of data leaked, it may take several weeks to fully evaluate the impact of the breach, a researcher said. (Kromtech says it plans to destroy the leaked data once its damage assessment is complete.)
Kromtech has in the past worked closely with law enforcement and the U.S. Department of Homeland Security in cases where leaked data became part of a criminal investigation. One thing is clear, the IT firm said: “There is enough information in each call to provide cyber criminals with all they need to steal the credit card information or commit a wide range of crimes.”
Jeremiah Fowler of the MacKeeper research team warns that companies must take “every precaution” to secure their customers’ financial information. “It does not matter if they are spreadsheets, scanned images, or in this case nearly 400,000 audio recordings,” he said.
In one of the audio recordings played for the Daily Dot, a customer service representative can be heard identifying himself as an employee of Quality Resources, a customer acquisition firm based in Clearwater, Florida. (Quality Resource and VICI Marketing have employed several of the same people, according to LinkedIn.)
At the top of the call, the rep is heard warning a customer that, “For quality control, this call may be recorded.” The customer is then prompted to confirm personal information about himself, including, twice, complete credit card information.
In 2008, the Tampa Bay Times reported that VICI Marketing agreed to pay $350,000 to settle a complaint by the Florida Attorney General’s office, which accused the company of obtaining stolen data on U.S. consumers. The company was also fined the previous year for employing unlicensed telemarketers, including some who had felony convictions for fraud and identity theft.
The Tampa Bay newspaper further reported that VICI Marketing claimed to have halted consumer telemarketing operations in December 2007, to focus instead on business-to-business sales.
VICI Marketing could not be reached for comment. A phone number on its website no longer appears to reach the company, and the only email address—designated for hiring purposes—did not immediately respond to a request for comment. Calls to Quality Resource returned only a busy signal.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.