Security & Fraud

TrueDialog SMS Provider Leaks Millions Of Business Texts

vistaprint, text messages

An exposed database run by TrueDialog revealed millions of SMS text messages, according to published reports on Sunday (Dec. 1).

Most of the text messages were sent by businesses to potential customers, with the service offering recipients the opportunity to respond to the messages so they can have two-way conversations with brands or businesses. The exposed database, which contained years of sent and received text messages, wasn’t password protected or encrypted.

Security researchers Noam Rotem and Ran Locar discovered the exposed database last month, which allowed anyone to read entire chains of conversations. TechCrunch also had the chance to review some of the data, which included information about university finance applications, marketing messages with discount codes, job alerts, and more. In addition, there was also sensitive information, such as two-factor codes, as well as messages that contained codes to access online medical services, password reset and login codes for sites including Facebook and Google, and usernames and passwords of TrueDialog’s customers.

TrueDialog pulled the database offline shortly after being contacted by TechCrunch. However, the company’s chief executive John Wright would not acknowledge the breach or respond to a request for comment.

This is the latest report of customer information leaked due to an exposed database. Just last month security researcher Oliver Hough discovered that printing company Vistaprint left an online database containing customer interactions unencrypted. Vistaprint spokesman Robert Crosland said customers in the U.S., U.K. and Ireland were affected.

“This is unacceptable and should not have happened under any circumstances,” the company said. “We’re currently carrying out a full investigation to understand what happened and how to prevent any future recurrence. At this time, we do not know whether this data has been accessed beyond the security researcher who found it.”

Once notified, Vistaprint quietly took down the database,  included personally identifiable information on upward of 51,000 customer service interactions, such as chats with agents or support phone calls.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.