According to researchers at privacy firm vpnMentor, millions of Americans’ data is at risk following the discovery of a breached database belonging to TrueDialog. TrueDialog is “the leading SMS provider for mass text messaging, SMS marketing and personalized 2-way SMS texting at scale.”
vpnMentor’s research team, led by Noam Rotem and Ran Locar, discovered the database, which was linked to “many aspects” of TrueDialog’s business. The database had “millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more.”
The researchers found the database as part of a web mapping project, using port scanning “to examine particular IP blocks and test open holes in systems for weaknesses.” As ethical hackers, the company tries to identify breaches in an effort to make the web safer. Once a breach is found, they verify the database’s identity and alert the company who owns it.
In the case of TrueDialog’s database, vpnMentor was able to access it because it was left “completely unsecured and unencrypted.” The database was 604 GB in size and “included nearly 1 billion entries of highly sensitive data.” The entries included account login details, full names, TrueDialog account holders and users, message contents, email addresses, time stamps of sent messages and more.
vpnMentor says the type of data could make it possible for bad actors to take over TrueDialog customer accounts, engage in corporate espionage, steal identities, run phishing scams and blackmail users.
Once the researchers verified the threat level, they reached out to TrueDialog to notify them and offer assistance in securing the database. Shortly after, access to the database was shut down, although TrueDialog never contacte ..