[BreachExchange] SMS Spammers Expose 80 Million Records Online

Destry Winant destry at riskbasedsecurity.com
Mon May 13 09:40:25 EDT 2019


https://www.infosecurity-magazine.com/news/sms-spammers-expose-80m-records/

The administrators of an SMS spam operation left an unsecured MongoDB
instance wide open online, exposing over 80 million records linked to
their ‘leads,’ according to researchers.

Bob Diachenko revealed the discovery in a blog post late last week,
claiming the MongoDB instance was named “ApexSMS” and left without
password protection.

“Upon further research it was identified that the MongoDB instance
name ApexSMS is also the name of an SMS Bombing program with the same
name that is highly advertised on hacker or black hat forums,” he
continued.

“What is SMS Bombing? Typically, cell phone users send one message at
a time. However, an SMS bomber is a software program that duplicates
the same message multiple times or rotates different messages and
sends all the messages to a number of your choice. This can be used
for pranks, harassment, or in this case marketing products or
services.”

The database of 80 million records uncovered by Diachenko included MD5
hashed emails; full names; city/state/country/postcode; IP address;
phone number; carrier network for mobile and landline/mobile.

It also included the messages used in the campaign to trick recipients
into clicking on links by pretending to be friends or family. Plus, it
recorded any text responses from victims.

Diachenko also suggested the administrators of the campaign may be
linked to cloud-based SMS platform Mobile Drip, which claims to offer
legitimate high-volume mobile marketing services.

The database itself was “quietly secured” a few days after he discovered it.

Tom Davison, EMEA director at Lookout, argued that unsolicited
communications represent a challenge for the end user in validating
the reputation of the sender without exposing themselves to further
risk.

“If individuals come across a similar campaign or they are unsure of
the sender, then the advice remains the same to never click on any
links in texts or share personal details,” he added.

“In addition, a mobile endpoint security solution that assesses web
and content risk removes this uncertainty and allows for safer
interactions."


More information about the BreachExchange mailing list