A huge database run by TrueDialog has been found exposed online. The Database stores tens of millions of SMS text messages, most of which are from businesses to potential customers.
The database is an SMS provider for businesses. Its customer base also includes higher education providers, they make bulk text messaging services available to companies, colleges, and universities. The Texas-based company says one advantage of its service is that recipients can also text back, allowing for two-way conversations with brands or businesses.
The database has stored years of sent and received text messages from its customers and processed by TrueDialog. Anyone can potentially look inside the unprotected database. It lacks encryption.
Security researchers Noam Rotem and Ran Locar found the database earlier this month as part of their internet scanning efforts.
TechCrunch examined a portion of the data, which contained detailed logs of messages sent by customers who used TrueDialog’s system. These included the contents of phone numbers and SMS messages. The database contains information about university finance applications, marketing messages from businesses with discount codes, and job alerts.
Tech Office Precautions That You Should Have In Mind
Bennie Technologies CEO, Jerry Mallo Unveils Nigeria’s First Luxury Car
Jumia In Trouble Again: Shuts Down In Tanzania
SMS Not Secure For Sensitive Data
The data also contained sensitive text messages, such as two-factor codes and other security messages. They may have allowed anyone viewing the data to gain access to a person’s online accounts. Many of the messages reviewed contained codes to access online medical services. Also, it could be used to obtain password reset and login codes for sites including Facebook and Google accounts.
The data also contained usernames and passwords of customers, which can access and impersonate their accounts.
Because some of the two-way message conversations contained a unique conversation code, it’s possible to read entire chains of conversations.
The company is just one of many SMS providers that have in recent months left systems and sensitive text messages on the internet without encryption for anyone to access. Not only that but it’s another example of while SMS text messages may be convenient, it is not a secure way to communicate Particularly for sensitive data, like sending two-factor codes.
Make sure to follow Plat4om on Twitter @Plat4omLive, on Instagram @Plat4om, on LinkedIn at Plat4om, and on Facebook at Plat4om. You can also email us firstname.lastname@example.org. Also, don’t forget to subscribe to our YouTube channel HERE.