More than 400,000 phone call recordings that include names, addresses, phone numbers and credit card information have been leaked online by Florida marketing company VICI Marketing following suspected security blunders.
The 28GB database was publicly-accessible and included recordings of inbound and outbound phone calls.
While most of the audio appears to be linked clearly to VICI Marketing, some do not mention the company's name in the recordings.
Researchers at Cologne-based MacKeeper found and reported the breach, then lambasted the Florida firm for the gaffe.
"There is enough information in each call to provide cyber criminals with all they need to steal the credit card information or commit a wide range of crimes," researchers says in a disclosure post.
"There is no suspected wrongdoing at this time other than leaking as many as 17,649 audio recordings with credit card numbers and private customer files."
More than 17,000 of the calls contained financial information.
The database was secured on Thursday but it is not known how long the data has been exposed.
MacKeeper notes some of the recordings do not warn customers that the calls are being recorded or stored, which could be a breach of law should the calls have involved people based in 11 US states where laws mandate consent before recordings can be captured.
The security flub follows a 2008 ruling against the company after it was discovered it had used stolen customer data. The company was found to have failed to validate the provenance of its data sources.
MacKeeper too has had security failings. In December 2015 it exposed a database of 13 million users including their names, email addresses, and weakly-protected passwords.
The software has long-since been regarded an unnecessary irritant for its deliberately confusing pop-up advertising. ®