More

    Millions of SMS messages exposed in database security lapse

    A massive database storing tens of millions of SMS  text messages, most of which were sent by businesses to potential customers, has been found online.

    The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. The Austin, Texas-based company says one of the advantages to its service is that recipients can also text back, allowing them to have two-way conversations with brands or businesses.

    The database stored years of sent and received text messages from its customers and processed by TrueDialog. But because the database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside.

    Security researchers Noam Rotem and Ran Locar found the exposed database earlier this month as part of their internet scanning efforts.

    TechCrunch examined a portion of the data, which contained detailed logs of messages sent by customers who used TrueDialog’s system, including phone numbers and SMS message contents. The database contained information about university finance applications, marketing messages from businesses with discount codes, and job alerts, among other things.

    But the data also contained sensitive text messages, such as two-factor codes and other security messages, which may have allowed anyone viewing the data to gain access to a person’s online accounts. Many of the messages we reviewed contained codes to access online medical services to obtain, and password reset and login codes for sites including Facebook and Google accounts.

    The data also contained usernames and passwords of TrueDialog’s customers, which if used could have been used to access and impersonate their accounts.

    Because some of the two-way message conversations contained a unique conversation code, it’s possible to read entire chains of conversations. One table alone had tens of millions of messages, many of which were message recipients trying to opt-out of receiving text messages.

    TechCrunch contacted TrueDialog about the exposure, which promptly pulled the database offline. Despite reaching out several times, TrueDialog’s chief executive John Wright would not acknowledge the breach nor return several requests for comment. Wright also did not answer any of our questions — including whether the company would inform customers of the security lapse and if he plans to inform regulators, such as state attorneys general, per state data breach notification laws.

    The company is just one of many SMS providers that have in recent months left systems — and sensitive text messages — on the internet for anyone to access. Not only that but it’s another example of why SMS text messages may be convenient but is not a secure way to communicate — particularly for sensitive data, like sending two-factor codes.

    Recent Articles

    Resident Evil 3 is getting a modern remake on April 3rd, 2020

    Nemesis is back Hot on the heels of the popular Resident Evil 2 remake that was released earlier this year, Capcom has announced that it’ll be remaking Resident Evil 3 for modern...

    Walmart pulls Christmas sweaters that mixed Santa with sex and cocaine

    Walmart removed several pieces of holiday merchandise from its Canadian website after customers took offense to a line of risque Christmas clothing. The retail giant...

    Google’s BERT Rolls Out Worldwide

    Google announced via Twitter that its BERT algorithm is now rolling out worldwide. BERT will enable Google to better understand search queries.

    Snapchat launching deepfake ‘Cameo’ feature this month for editing your face into GIFs

    Snapchat is taking its filters and face tracking features to the next level later this month. TechCrunch reports that Snapchat will launch a new...

    Apple is heading to CES for the first time in decades to talk privacy

    Apple is crashing CES officially this year. What you need to know Apple is attending CES for the first time in decades. The company's Senior Director of...

    Latest Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox