Paul Bischoff reports:
Telmate, a service used by incarcerated inmates at US prisons to communicate with their friends and loved ones, has exposed a database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts. The database was exposed on the web without a password or any other authentication required to access it.
Comparitech security researcher Bob Diachenko on August 13, 2020 discovered the unsecured database and immediately reported it to Global Tel Link, the company that owns and operates Telmate. The company, to its credit, responded within two hours and secured the database an hour later, but it’s possible that other unauthorized parties accessed it prior to Diachenko’s disclosure.
Read more on Comparitech.
Not only was it possible that other parties accessed it prior to Diachenko’s discovery and disclosure, but it definitely happened, as DataBreaches.net had been contacted about this leak prior to Diachenko’s discovery.