The company told Comparitech that the data had been stored on September 28th and was locked down October 2nd, a day after Diachenko notified Broadvoice. There hasn’t been evidence of “misuse” so far, the company said. Marketing VP Rebecca Rosen told Threatpost that it believed “less than 10,000” businesses were impacted, although that doesn’t say how many of those companies’ customers were at risk.
The practical damage appears to have been limited as a result. Even so, this illustrates the dangers of insecure data. The wrong decision can expose vast amounts of info, and it can only take a subset of that data to create serious problems.