Millions of Americans' texts exposed in data breach

Text messages

A database housing millions of private SMS text messages was left open online for an extended period of time, a team of researchers at the online privacy company vpnMentor said Sunday.

"By not securing their database properly, TrueDialog compromised the security and privacy of millions of people across the US".

TrueDialog, which creates text messaging solutions for small and large businesses, has since taken the logs offline, the researchers said.

Along with text messages, vpnMentor said it found the full names of account holders, email addresses, phone numbers of recipients and users, dates and times messages were sent, status indicators on messages sent and other account details.

According to the researchers, TrueDialog works with over 990 cell phone operators and reaches more than 5 billion subscribers around the world. But because the database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside.

The personal information contained in the text messages could be an asset to scammers; it could also be used in blackmail schemes and lead to identity theft and fraud.

The open database was found November 26 and it was closed November 29, vpnMentor said. They informed the telecommunication company two days later.


The server was discovered as a part of a huge web mapping project undertaken by vpnMentor.

"Our team was able to access this database because it was completely unsecured and unencrypted", they continued.

"The database contained entries that were related to many aspects of TrueDialog's business model".

TrueDialog clients use the company's services to send bulk SMS messages for marketing blurbs, customer support texting, employee and student notifications, and two-way texting. Wright also did not answer any of our questions - including whether the company would inform customers of the security lapse and if he plans to inform regulators, such as state attorneys general, per state data breach notification laws.

Because the data was stored in an unencrypted format, researchers note that millions of TrueDialog's customer account logins stored in clear text remained accessible.

For example, user data could be sold to spammers and marketers.

Related:

Comments

Latest news

Khloe Kardashian Reacts After Caitlyn Jenner Claims They Don't Talk Anymore
Kylie Jenner apparently doesn't pinch pennies when it comes to her security teams. Kylie has had more than a few brushes with scary fans and stalkers in the past.

Victims in London Bridge attack were recent Cambridge grads working with prisoners
Khan was arrested in 2010 and admitted to being part of an al-Qaida-inspired plot to set up a terrorist training camp in Pakistan. Meanwhile, two victims remain in hospital after sustaining injuries in the attack as another returned home.

WMO: 2019 rounds off a bleak decade for the climate
WMO warned that the oceans are paying a heavy price for global warming as they absorb heat and carbon dioxide. It says the average temperature for the decade through 2019 is nearly certain to be the highest on record.

North Korea's Kim celebrates completion of 'modern mountainous city'
Discussing the North Korean leader, Trump said: "I have confidence in him". I like him, he likes me, we have a good relationship. Kim "likes sending rockets up, doesn't he?".

Cyber Monday Advice From The BBB
The Better Business Bureau is warning shoppers about scammers who are trying to get your hard-earned money this Cyber Monday. First protect your personal information online by updating security software on your computer and mobile device.

Other news