
TrueDialog Database Exposes Tens of Millions of SMS Data


Around ten million text messages were exposed by an unprotected database run by an American-based communications company, TrueDialog.

Security experts Noam Rotem and Ran Locar from VPNMentor discovered that a leaky database exposed millions of users’ data, including text messages, names, addresses, and other private information.

TrueDialog provides bulk SMS services to U.S.-based companies, colleges, and universities. The company took down the unprotected database after the researchers reported the incident.

The researchers found that the database hosted 604 GB of data and contained around one billion entries on TrueDialog’s customers. Apart from private text messages, the incident exposed millions of account usernames and passwords, years of information on TrueDialog’s business model, conversations with its customers, and account details.

“It’s difficult to put the size of this data leak into context. Tens of millions of people were potentially exposed in several ways. It’s rare for one database to contain such a huge volume of information that’s also incredibly varied. The database contained entries that were related to many aspects of TrueDialog’s business model,” the report stated.

The report also added, “The company itself was exposed, along with its client base, and the customers of those clients. The information contained in this database could have been used in myriad ways against the people whose information was exposed.”

In a similar security incident, security researchers discovered an open Elasticsearch server containing unique data records of around 1.2 billion users. According to security analysts Bob Diachenko and Vinny Troia, the server held more than 4 terabytes of data and had no password protection or authentication.

The exposed data included names, email addresses, phone numbers, and LinkedIn and Facebook profile information. The data is believed to have originated from two different data enrichment companies, namely People Data Labs (PDL) and OxyData.Io (OXY).