SMS communications company TrueDialog left millions of text messages exposed and unprotected in an online database that security researchers discovered last month, according to reports.
TrueDialog is a communications company that enables clients, including private businesses and universities, to send text messages to customers, students and other individuals. The service allows message recipients to respond to messages, enabling two-way conversations between TrueDialog customers and their contacts.
The company stored millions of private SMS messages in an online database that was left unencrypted and exposed on the internet without password protection, according to VPN review website and cybersecurity research team vpnMentor. Because of the lack of protection, anyone with knowledge of the database’s location could look inside.
Information stored in the database included text messages and conversations regarding college finance applications, marketing messages and more. There were highly sensitive messages that contained two-factor authentication codes, password reset and login codes for websites such as Facebook and Google and even codes for accessing personal medical records.
According to vpnMentor, the database also contained TrueDialog customers’ account logins and user details including email addresses, phone numbers, names, addresses and more.
The exposed data could have given unauthorized third parties access to text conversations, the ability to impersonate TrueDialog customers and even the personal data needed to run identity theft schemes or phishing attempts.
Media outlet TechCrunch contacted TrueDialog about the exposure and the database was taken offline. It has not been reported how long the texts were left exposed in an unprotected database.
It is also unclear how TrueDialog plans to alert customers to the data breach and what measures are being taken to determine the potential extent of the damage. According to TrueDialog’s website, its enhanced security features ensure critical data is protected.