Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

WizCase experts found a major breach in phone-tracking service Ringostat ’s database, millions of Phone Numbers, Recordings, and Call Logs Compromised

 security team has found a major breach in phone-tracking service Ringostat ’s database. This leak left vulnerable phone numbers, call recordings, call logs, and more to potential attack.
 The leaked data numbers in the millions and was accessible to anyone who possessed the link. There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured.

What’s Happening?

Ringostat is an Eastern European company specializing in call-tracking, analytics, and other marketing aids for smartphones. It was founded in 2013 and operates worldwide but mainly in Ukraine and Russia.

Our team of ethical hackers led by Ata Hakçıl discovered an ElasticSearch database used by Ringostat which exposed over 800 GB of user data.

What Data Was Leaked?

The ElasticSearch server leak exposed the details of 67,000 Ringostat clients. As the company is based in Ukraine, most of its clients could be identified as Ukrainian or Russian. The information leaked included approximately 8,000,000 voice recordings, 13,000,000 phone numbers, and hundreds of millions of call logs and metadata. All told, approximately 2 billion records were leaked.

Redacted client details

Redacted example of client details

The voice recording information could be accessed by anyone with a link and an Internet connection, leaving millions vulnerable.

Metadata included information like which phone number called and which number received the call, if the recipient answered; timestamp of the call; the IP address of the one who received the call; duration of the call (both overall duration and billable duration); GSM carrier; and client company who received the call.

Redacted metadata information

Redacted example of metadata information

Our team also found payment records from Stripe, including users’ id, IP, port, and the time of the transaction. Client details included company names, emails, number of emails, and phone numbers. Call recording data contained IP, port, and timestamp. Below is a table summarizing the types of records leaked and what data those records contained.

Type of Record Data Leaked
Metadata Phone number of caller and receiver, whether or not the call was answered, timestamp of the call, IP address, overall duration of the call, billable duration of the call, GSM carrier, and client company who received the call
Payment Records User id, IP, port, and time of transaction
Client Details Company name, associated email addresses, number of open deals, number of emails, and phone numbers
Call Recording Data IP, port and timestamp

What Are the Risks and How to Protect Yourself

Identity Theft: Leaked personally identifiable information (PIIs) can be used to access accounts on other websites, leading to further information leaks and outright identity theft. If found by bad actors, this information can lead to severe financial loss for many.

Scams, Phishing, and Malware: It is common for unethical hackers and criminals on the Internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look. Clicking on emails or attachments in these emails often results in giving the hackers an opportunity to force you to download malware or obtain easy access to your account.

Corporate Espionage: Competitors could target users on the database and attempt to steal them. If a law firm used Ringostat, for example, a rival firm could use their data to snipe potential clients from firms using Ringostat. This can result in severe financial loss for users.

Theft: Some of the voice recordings found in the database contain calls to moving companies and the like. With this information, criminals could pose as the moving company and arrive earlier than the real moving company and steal property.

Unfortunately, the above list is not comprehensive, and cybercriminals are always generating new methods to exploit anyone vulnerable on the Internet. However, users have ways to protect themselves.

As Ringostat is B2B (business-to-business), end users would not know if their data was leaked unless a service informed them. For future purposes, we recommend always inputting the bare minimum of information when making a purchase or setting up an account on the Internet. The less information you give hackers to work with, the less vulnerable you are to attack.

Though most email clients have methods to block spam and phishing attempts, they are not 100% effective. When receiving an unexpected email from a seemingly trustworthy source, do not open any attachments. Phishing emails often use scare tactics to force users to open the attachment. If you are ever unsure about an email from a trustworthy company, give them a call. This will usually let you verify whether the attachment is legitimate or not. A good antivirus program can also aid in protection from malware, trojans, and other dangers.

For examples of theft, do not let them into your home on first request. If you are ever unsure of your safety in these situations, always verify the identity of company employees who show up to work with the company itself.

Original post at

About the author: Chase Williams

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Ringostat)

Leave a Reply

Your email address will not be published. Required fields are marked *