Robocall Legal Advocate Leaks Customer Data
upstart writes in with an IRC submission:
Robocall Legal Advocate Leaks Customer Data:
The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts the making of telemarketing calls through the use of automatic telephone dialing systems and artificial or prerecorded voice messages. The TCPA prohibits contact with consumers - even via text messages - unless the company has "prior express consent" to contact the consumer.
With statutory damages of $500 to $1,500 per call, the TCPA has prompted a flood of lawsuits over the years.
[...] Enter The Blacklist Alliance, which promises to help marketers avoid TCPA legal snares set by "professional plaintiffs and class action attorneys seeking to cash in on the TCPA."
[...] Lawyers representing TCPA claimants typically redact their clients' personal information from legal filings to protect them from retaliation and to keep their contact information private. The Blacklist Alliance researches TCPA cases to uncover the phone numbers of plaintiffs and sells this data in the form of list-scrubbing services to telemarketers.
[...] Unfortunately for the Blacklist paying customers and for people represented by attorneys filing TCPA lawsuits, the Blacklist's own Web site until late last week leaked reams of data to anyone with a Web browser. Thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers all could be viewed or downloaded without authentication from the domain theblacklist.click.
The directory also included all 388 Blacklist customer API keys, as well as each customer's phone number, employer, username and password (scrambled with the relatively weak MD5 password hashing algorithm).
Read more of this story at SoylentNews.