Researchers are claiming to have discovered an open Elasticsearch database containing five million records related to 1.5 million of Canada's Freedom Mobile customers — figures disputed by the telecommunications company.
Noam Rotem and Ran Locar from vpnMentor said they came across the database on 17 April and attempted to contact Freedom Mobile on 18 and 23 April with no response. The company did reply on 24 April and shut down access the same day.
The exposed files contained email address, home and mobile phone numbers, home addresses, dates of birth, customer types, IP addresses connected to payment methods, and encrypted credit card and CVV numbers.
"We could also access account numbers, subscription dates, billing cycle dates and customer service records including locations. Some entries also included data from an Equifax database. This included information on credit scores, credit class, and credit card accounts," the researchers said.
Freedom Mobile admitted to CBC News in the US that a breach did take place, but said the number is much lower than vpnMentor claimed, CBC reported.
Freedom said in a statement that "any reference to 1.5 million customers affected is inaccurate," contending that only 15,000 customers were impacted while noting that the company began its investigation on 25 March. Freedom Mobile said the data came from third-party vendor Apptium Technologies and that the leak only affected customers from 17 of its retail outlets that opened or changed account information through 17 April. The company claimed the problem was fixed by 23 April, CBC reported.
This article was originally published on SC Media US.