Millions of SMS messages exposed in database security lapse

Cornelia Mascio
December 3, 2019

"Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more".

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online. Services offered by TrueDialog include ways for companies to send out text messages en masse to customers, or in a bid to pick up new business. The firm boasts five billion subscribers worldwide.

Earlier, the two researchers found that an unsecured database owned by an Ecuadorian consulting company had left over 20 million records on the South American country's citizens exposed to the internet.

TechCrunch notes that the leak is "another example of why SMS text messages may be convenient but is not a secure way to communicate - particularly for sensitive data, like sending two-factor codes".

vpnMentor reports how the insecure database was discovered on November 26.

The server was discovered as part of a huge web mapping project undertaken by vpnMentor. Unauthorized access to it would leave a diverse dataset vulnerable. If malicious intruders accessed the database, they could have used some of the information for phishing scams and fraud.

TrueDialog clients use the company's services to send bulk SMS messages for marketing blurbs, customer support texting, employee and student notifications, and two-way texting.

Yet another exposed database has left public data out in the open, and this time it affects something you might use often: the systems businesses use to text you for appointments. "This would have given them a way to copy, or improve upon, the business model that has brought TrueDialog success. Its competitors can also take advantage of the bad publicity the brand is going to receive, and even take over their customers". Still, it isn't known how long the 604 GB of data with millions of messages - which was hosted by Microsoft Azure and ran on the Oracle Marketing Cloud in the USA - was open, or whether anyone copied the data. "The available information can be sold to both marketers and spammers", the researchers said.
