Recently, the vpnMentor’s team has discovered a massive data breach of an unsecured database run by TrueDialog. The website’s security researchers have detected that the database was left unprotected online, allowing third parties to access it. The database was finally secured on November 29. However, it is unknown for how long the sensitive data was exposed.

TrueDialog is a messaging platform based in Austin, Texas. It provides SMS solutions for both large and small businesses and higher education organizations and institutes. The company uses API-centric and cloud-based technologies that allow it to deliver text messages through more than 900 operators and reach about 5 billion subscribers.

Here’s what happened exactly. The exposed database was hosted by Microsoft Azure and run on the Oracle Marketing Cloud. It stored millions of SMS texts along with other private information, including messages sent from businesses to their customers. For some unknown reason, the database was left unprotected online. The stored data was unencrypted and had no password protection meaning that anyone could access it. Although the company has billions of subscribers all over the world, the latest data breach mostly affected customers in the USA, approximately 100 million of them.

What data was exposed?

  • Messages and conversations sent via TrueDialog (they included full names of recipients, users, and account holders; their email addresses and account details; content of the messages, phone numbers of both recipients and other users; dates and sent messages, statuses of messages).
  • TrueDialog account logins and details (they included addresses, emails, phone numbers and other private information).
  • Technical logs that could show how the database worked from the inside.

The TrueDialog database data breach gives rise to serious concerns about users’ privacy. The exposed data could be easily accessed by third parties and then used to their advantage.