Insecure Database Exposes Millions of Private SMS Messages

Tens of millions of SMS messages have been found on an unprotected database, putting the private data of hundreds of millions of people in the United States at risk for theft or exposure and leaving a communications company open for potential intrusion, security researchers discovered. Noam Rotem and Ran Locar from the research team of vpnMentor found the database, which they said belongs to TrueDialog, a U.S.-based communications company, according to a blog post. Based in Austin, Texas, TrueDialog provides bulk SMS services for small businesses, colleges and universities, which means that the majority of the messages were business-related, researchers said. Moreover, the insecure database was linked to “many aspects” of TrueDialog’s business, potentially increasing unauthorized access to the data of millions of people as well as exposing an unusually diverse data set, they said. “Hundreds of millions of people were potentially exposed in a number of ways,” according to the post. “It’s rare for one database to contain such a huge volume of information that’s also incredibly varied.” Despite companies knowing the risks of leaving data unprotected online in this era of cloud-based storage, insecure databases are a persistent problem and remain one of the leading ways data breaches occur. These breaches not only leave customers and users of the companies who exposed the data at risk, but also leave the owners of the databases more susceptible to security threats as well….

Source