TrueDialog, Mixcloud, Magento Marketplace expose accounts
Thanksgiving is an ideal time to either hack (IT admins need holidays too) or to drop news of hacks (because no one's reading much news) so here's your roundup of the weekend's shenanigans.
In the past few days, researchers have disclosed breaches at mobile carrier TrueDialog, music streamer MixCloud, and Adobe's Magento Marketplace service. Millions of people are thought to be affected.
TrueDialog exposes "massive" activity database
The research team at VPNmentor took credit for the discovery and disclosure of a database owned by business comms provider TrueDialog. They report that the data of millions of users, including the content of SMS messages, was left out in the open after an Azure-hosted database was mistakenly set to public availability.
"This was a huge discovery, with a massive amount of private data exposed, including tens of millions of SMS text messages," reported the VPNmentor team.
"Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more."
TrueDialog provides SMS services to its customers, mostly businesses and educational institutions. The Texas-based company partners with phone carriers to offer things like alerts and large-scale marketing campaigns, as well as campus alerts and student admissions.
Those are the sort of SMS communications that were exposed, along with account details (email addresses, passwords in either plaintext or base64,) and contact information. VPNmentor says that, in total, the exposed database was 604GB in size and included data on tens of millions of people.
"It’s difficult to put the size of th ..