Tens of Millions of SMS exposed in a Database Security Lapse

Every one of us receives daily messages from different businesses and brands. But, how many of you respond to them? That is another case if replying to the message is not allowed, but now there are certain software that allows replying to business messages as well.

Recently, the database of similar software was exposed. TrueDialog is an SMS provider to businesses and educational institutes to send bulk text messages to their target audience. Such includes messages for new openings, subscriptions, new discounts, admissions and much more.

TrueDialog is not a traditional software; it allows the sender and receiver to exchanges messages. It offers customers a two-way communication, so they can interact better.

The researchers Ran Locar and Noam Rotem found that the database of TrueDialog was unprotected on the internet. It means anyone including hackers or scams can get their hands on the data further leading to misuse it. Not to forget, the database contains millions of messages including passwords, pin codes, unique codes, account information and more that can cause major harm to users.

Upon identifying it, TechCrunch (TC) investigated the call logs on TrueDialog’s database. TC found a lot of information related to finance applications, job alerts, marketing messages and more on it. This was not it. The amount of sensitive messages still crossed boundaries.

TechCrunch found two-factor codes that could give access to malicious attacks on user’s personal accounts. Password resets and other important messages were also found in the messages log.

A set of messages was also found in which the users demanded to stop receiving the messages. The data had enough personal information of people to impersonate their accounts, however, the data was still left unprotected.


After thorough scrutiny, TechCrunch contacted TrueDialog, which instantly looked after this matter and pulled the database offline. John Wright, the Chief Executive of TrueDialog is not responding to the queries related to breach or if the company acknowledges customers about this issue.

TrueDialog is not the first SMS provider company that left sensitive information unprotected on the internet. It shows that customers should not communicate to businesses through SMS as they are highly dangerous. Let’s see what actions TrueDialog will take to cater to this issue and how will they deal with sensitive information in the future.



Read next: RCS Rollout Can Potentially Cause Security Breaches
Previous Post Next Post