Call logs are printed on every billing statement by default. I believe it may even include SMS messages in some cases.

This data has likely proliferated widely throughout the company, subsidiaries and contractors, to reside on an unknowable number of systems. I would assume call record metadata is fully compromised at this point.

That’s not to take away from the finding in the blog – I’m merely commenting on the question in its conclusion, about the implications of a barely know technology vendor controlling the vulnerable server holding this data.

[dead]