An exposed database run by TrueDialog revealed millions of SMS text messages, according to published reports on Sunday (Dec. 1).
Most of the text messages were sent by businesses to potential customers, with the service offering recipients the opportunity to respond to the messages so they can have two-way conversations with brands or businesses. The exposed database, which contained years of sent and received text messages, wasn’t password protected or encrypted.
Security researchers Noam Rotem and Ran Locar discovered the exposed database last month, which allowed anyone to read entire chains of conversations. TechCrunch also had the chance to review some of the data, which included information about university finance applications, marketing messages with discount codes, job alerts, and more. In addition, there was also sensitive information, such as two-factor codes, as well as messages that contained codes to access online medical services, password reset and login codes for sites including Facebook and Google, and usernames and passwords of TrueDialog’s customers.
TrueDialog pulled the database offline shortly after being contacted by TechCrunch. However, the company’s chief executive John Wright would not acknowledge the breach or respond to a request for comment.
This is the latest report of customer information leaked due to an exposed database. Just last month security researcher Oliver Hough discovered that printing company Vistaprint left an online database containing customer interactions unencrypted. Vistaprint spokesman Robert Crosland said customers in the U.S., U.K. and Ireland were affected.
“This is unacceptable and should not have happened under any circumstances,” the company said. “We’re currently carrying out a full investigation to understand what happened and how to prevent any future recurrence. At this time, we do not know whether this data has been accessed beyond the security researcher who found it.”
Once notified, Vistaprint quietly took down the database, included personally identifiable information on upward of 51,000 customer service interactions, such as chats with agents or support phone calls.