2.7 Million Health-Related Calls, Sensitive Info Exposed for Six Years


A server used to store real-time recordings of phone calls made to the 1177 Swedish Healthcare Guide service for health care information was found completely exposed to the Internet, with no user or password to protect it.

As IDG’s Lars Dobos says, the millions of call recordings were left on an open web server that could be accessed with no password, with the conversations going back to 2013 and roughly 2.7 million calls amounting to 170,000 hours being left out in the open.

Based on the Apache HTTP Server it was running and the version installed (2.4.7, released during 2013), a quick Shodan search query shows that the server available at nas.applion.se might be impacted by roughly 23 vulnerabilities with CVEs assigned between 2013 and 2018.

Read more…
Source: ITPro