- Joined
- Sep 22, 2018
- Messages
- 31,732
- Location
- Moonbase Caligula
- SL Rez
- 2008
- Joined SLU
- 2009
- SLU Posts
- 55565
Millions of SMS messages exposed in database security lapse
Exclusive: The exposed database was left unprotected without a password. None of the data was encrypted.
techcrunch.com
The key bits here:A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online.
The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. The Austin, Texas-based company says one of the advantages to its service is that recipients can also text back, allowing them to have two-way conversations with brands or businesses.
The database stored years of sent and received text messages from its customers and processed by TrueDialog. But because the database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside.
The database contained information about university finance applications, marketing messages from businesses with discount codes, and job alerts, among other things.
But the data also contained sensitive text messages, such as two-factor codes and other security messages, which may have allowed anyone viewing the data to gain access to a person’s online accounts. Many of the messages we reviewed contained codes to access online medical services to obtain, and password reset and login codes for sites including Facebook and Google accounts.
The data also contained usernames and passwords of TrueDialog’s customers, which if used could have been used to access and impersonate their accounts.