U.S. Markets close in 2 hrs 4 mins

Millions of text messages were carelessly exposed by a marketing firm

Jon Fingas
Associate Editor

Yet another exposed database has left public data out in the open, and this time it affects something you might use often: the systems businesses use to text you for appointments. Researchers at vpnMentor recently discovered that TrueDialog, an SMS solution provider for businesses, left "millions" of accounts and "tens of millions" of text messages unprotected on the web. The messages sometimes included sensitive info like recipients' full names, email addresses and phone numbers, but the accounts' data was noticeably worse. You could find usernames, email addresses and a mix of clearly visible and lightly-encrypted passwords, including for commonly-used sites like Facebook and Google.

The company locked down the database on November 29th, a day after vpnMentor got in touch. It's not clear how long the database was left exposed, however, or whether there was any unauthorized access. We've asked TrueDialog for comment.

The exposed messages aren't going to include private conversations, but they still pose a risk. If malicious intruders accessed the database, they could have used some of the information for phishing scams and fraud. For businesses, the exposure was at least as bad -- it could have let attackers hijack accounts, learn about confidential activity and even steal sales leads. This may have also given unscrupulous competitors insight into how TrueDialog works.