VOIP Mix-Up Exposes Customer Call Data
Bill Adler was relieved to get his old phone number back. The Washington-area resident's digits were marooned shortly after his former Internet-based phone service provider -- Sunrocket -- abruptly closed its doors in mid-July. Relieved, that is, until he received an odd phone call from a local man who'd inherited Adler's phone records along with his old temporary phone number.
Adler had signed up with ViaTalk, one of several voice-over-IP providers who scrambled to absorb Sunrocket's 200,000 stranded customers. ViaTalk gave him a temporary number while it was negotiating the recovery of his old one. A few weeks after ViaTalk secured his old number, Adler heard from the ViaTalk customer who had inherited his temporary digits.
"I couldn't believe it, and at first I thought it was a crank call," Adler said. "The guy was reading me our inbound and outbound phone records [created] during the one month we were using that temporary number."
Noel Gueugneau, the Annandale, Va., man who was issued Adler's old temporary number, discovered he had someone else's phone records after logging into his account page online and seeing calls to Korea he never made. He said he decided to alert Adler after getting little help from ViaTalk customer support.
"Because after one month I thought it was time to notify this person that I had complete access to his phone records," said Gueugneau, also a refugee from Sunrocket.
Brendan Brader, the chief executive of ViaTalk's parent company HostRocket, said the company was currently investigating whether the mix up was due to human error or a bug in the system.
"We have since started a complete technical review of the process to ensure that the mistake was not a bug on the automated side, and are in the process of going over the procedures step by step with all of our porting specialists as a refresher course to help avoid this type of occurrence in the future," Brader wrote in an e-mail to Security Fix.
Despite Brader's assurances that the issue had been resolved, Gueugneau says he still has access to Adler's old phone records. Adler says that's water under the bridge.
"I'm trying to divorce my anger over this whole thing from the reality that switching to another phone company is going to cause a lot more headaches," Adler said.
By Brian Krebs |
October 8, 2007; 11:10 AM ET
From the Bunker
,
Misc.
Previous: First the Campaign Ads, Then the Phishing... |
Next: Java Update Plugs Multiple Security Holes
Posted by: Rob Irwin | October 8, 2007 6:30 PM
Brendan Brader was aware of this issue going way back to 2005 when I made it aware to them and they did nothing about. I guess now its finally fixed but nonetheless they were aware of it for a couple years.
Posted by: JamesV518 | December 29, 2007 12:51 PM
The comments to this entry are closed.
100+ years ago the congress regulated the telephone companies because they were screwing the public on service, price and availability. In the '80s' deregulators threw the baby out with the bathwater.
Could we please have a middle of the road approach ?
Keep in mind that as of today any person in Japan can buy 100MB/sec internet plus wireless telephone for about the equivalent of $ 20/month.
I am paying $60+ for 4MB/sec plus landline
That's lowend for DC Metro area.
It is outrageous to have Sunrocket be able to bankrupt itself at the expense of the citizens. Further insult is added to injury when the records of one man are in the hands of a stranger. The criminal possibilities are endless.
Two reforms are a minimum :
1.Jail time and fines for all bribes[corporate campaign contributions] plus 2X fines if you bundle individual bribes together.
2.An FCC office of consumer affairs to investigate and enforce fines. Jail time by the Justice Dep't. It would have to answer one's email or snail mail in 1 week. It would have to clear the complaint in one month unless the complainant agreed to a longer investigation. No person on the FCC could be either an ex-employee of Congress, any communications company or a contributor to the campaign of the sitting President.
When enacted these would be a good start towards a uniform code of public conduct for corporations.
Of course it would be much better to abolish all corporate income tax and tax all individuals based on income alone, from all sources. No more corporate loopholes.