Another day, another data breach. Tens of millions of people were potentially exposed because messages and personal information stored in a database of Austin-based company, TrueDialog, were left unprotected. According to researchers the database was left on the internet without a password and none of the data was encrypted.
Noam Rotem and Ran Locar, a research team at vpnMentor, discovered the breach on Nov. 19, 2019.
“This was a huge discovery, with a massive amount of private data exposed, including tens of millions of SMS text messages,” the research team said on the vpnMentor website. “Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more.”
TrueDialog says it is the leading SMS provider for mass text messaging, SMS marketing and personalized two-way SMS texting, according to its website. The company has been in business 10 years and provides its clients, mostly businesses and higher education organizations, with the ability to send bulk emails to clients and students.
Among the information left unprotected were messages about university finance applications, job alerts, marketing messages from businesses with discount codes, usernames and passwords, TechCrunch reported after examining a portion of the data.
The database was taken offline after TrueDialog was contacted regarding the exposure. Chief Executive John Wright didn’t return TechCrunch’s requests for comment. He did not acknowledge the security lapse to TechCrunch. The researchers at vpnMentor offered assistance to help with the security breach, but TrueDialog officials did not respond.
TrueDialog works with over 990 cell phone operators and reaches more than 5 billion subscribers around the world.
Along with its clients and their customers being left exposed, TrueDialog was also left exposed. Rotem and Locar said the breach has potentially exposed tens of millions of people in multiple ways.
Among the information the pair found were phone numbers (recipients and users), email addresses, message content, full names, and TrueDialog account information.
“It’s rare for one database to contain such a huge volume of information that’s also incredibly varied,” they said.