- How to stream UFC Fight Night 145 in Prague for free 2 Years Ago
- R. Kelly charged in Chicago with multiple counts of sex abuse Friday 7:51 PM
- Elon Musk finally hosts PewDiePie’s meme review Friday 6:27 PM
- Netflix throws ‘Umbrella Academy’-themed wedding for fans Friday 4:54 PM
- Report: Facebook collects app data on users’ body weight, menstrual cycles Friday 3:38 PM
- Amy Klobuchar reportedly ate salad with a comb, and Twitter’s got questions Friday 2:47 PM
- Nobody likes Spotify’s new update Friday 2:34 PM
- Student assaulted on campus while tabling for right-wing group Friday 1:56 PM
- Kim Kardashian West sues fashion company for using her likeness to sell clothes Friday 1:12 PM
- The Oscar-nominated movies you’ll actually want to watch again Friday 12:56 PM
- Viral graphic shows the moment Apple became the top brand Friday 12:27 PM
- Jake Paul calls out KSI for a YouTube boxing match Friday 11:31 AM
- This elementary school made students play ‘runaway slave’ Friday 11:20 AM
- ‘Captain Marvel’ is already a box office hit Friday 11:06 AM
- This ‘buff bunny vs. small bunny’ meme is here for when you’re feeling inferior Friday 10:53 AM
Major leak exposes 400K recorded telemarketing calls, thousands of credit card numbers
The leak reveals the downside to being ‘recorded for quality assurance.’
A massive data breach of at least one telemarketing firm has exposed thousands of recorded telephone conversations in which customers provided sensitive information, including their credit card details.
Earlier this month, security researchers discovered several hundred thousand recorded phone conversations in an unsecured database online. The calls originate from a server named “VICIMARKETING.” It is unclear from the recordings heard by the Daily Dot whether the audio files belong to VICI Marketing, LLC, a Largo-area telemarketing service, or another firm.
As many as 375,000 recorded calls appear to be unsolicited “cold calls” to U.S. residents, a portion of which contain at least some personally identifiable information.
More than 17,000 recordings, however, are believed to contain sensitive details about telemarketing customers, including names, billing addresses, and credit card numbers, along with card expiration dates and three-digit card security codes (CVV)—everything an identity thief would need to rack up fraudulent bank charges online.
The data breach, which was secured as of Thursday, was first discovered during a routine security audit by the MacKeeper Security Research Center, a subsidiary of the international IT firm Kromtech Alliance. Due to the vast amount of data leaked, it may take several weeks to fully evaluate the impact of the breach, a researcher said. (Kromtech says it plans to destroy the leaked data once its damage assessment is complete.)
Kromtech has in the past worked closely with law enforcement and the U.S. Department of Homeland Security in cases where leaked data became part of a criminal investigation. One thing is clear, the IT firm said: “There is enough information in each call to provide cyber criminals with all they need to steal the credit card information or commit a wide range of crimes.”
Jeremiah Fowler of the MacKeeper research team warns that companies must take “every precaution” to secure their customers’ financial information. “It does not matter if they are spreadsheets, scanned images, or in this case nearly 400,000 audio recordings,” he said.
In one of the audio recordings played for the Daily Dot, a customer service representative can be heard identifying himself as an employee of Quality Resources, a customer acquisition firm based in Clearwater, Florida. (Quality Resource and VICI Marketing have employed several of the same people, according to LinkedIn.)
At the top of the call, the rep is heard warning a customer that, “For quality control, this call may be recorded.” The customer is then prompted to confirm personal information about himself, including, twice, complete credit card information.
In 2008, the Tampa Bay Times reported that VICI Marketing agreed to pay $350,000 to settle a complaint by the Florida Attorney General’s office, which accused the company of obtaining stolen data on U.S. consumers. The company was also fined the previous year for employing unlicensed telemarketers, including some who had felony convictions for fraud and identity theft.
The Tampa Bay newspaper further reported that VICI Marketing claimed to have halted consumer telemarketing operations in December 2007, to focus instead on business-to-business sales.
VICI Marketing could not be reached for comment. A phone number on its website no longer appears to reach the company, and the only email address—designated for hiring purposes—did not immediately respond to a request for comment. Calls to Quality Resource returned only a busy signal.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.