Researchers Discover Unprotected Azure-Powered TrueDialog Database Exposing Millions

Provided by USA TODAY a division of Gannett Satellite Information Network Inc. Texting


Researchers said the texts included private messages as well as millions of account usernames, unencrypted passwords, personal information such as phone numbers and email addresses, and TrueDialog account details.

TrueDialog operates a service that enables businesses to text marketing materials and alerts to their clients in bulk.

Based in Austin, Texas, 10-year-old TrueDialog works with over 900 cell phone operators, who use the service to contact more than five billion people globally.

"We disclosed our findings and offered our expertise in helping them close the data leak and ensure nobody was exposed to risk," the researchers said.

Earlier, the two researchers found an unsecured database, owned by an Ecuadorian consulting company, that left over 20 million records on the South American country's citizens exposed to the internet.

The open database was found November 26 and it was closed November 29, vpnMentor said. "It's rare for one database to contain such a huge volume of information that's also incredibly varied."

"The objective of this web mapping project is to help make the internet safer for all users."

With this link, unauthorized access would allow a diverse dataset to be vulnerable. "However, we were able to access it via browser and manipulate the URL search criteria into exposing the database schemata."

TrueDialog, an SMS provider that enables US companies, colleges and universities to send bulk text messages, declined to comment to Information Security Media Group about the issue.

"This would have given them a way to copy, or improve upon, the business model that has brought TrueDialog success. Its competitors can also take advantage of the bad publicity the brand is going to receive, and even take over their customers."

Almost 1 billion entries belonging to over 100 million US citizens were found in the database, stored in plain text.

After the discovery of this incident, TrueDialog promptly took the server offline. It has not made any acknowledgment of the breach, and no officials are available to comment on the issue.

For example, user data could be sold to spammers and marketers.
