[BreachExchange] Tens of Millions of SMS text Messages & Massive Private Data Leaked Online From Hacked Database

Destry Winant destry at riskbasedsecurity.com
Tue Dec 3 10:07:02 EST 2019


Researchers discovered a massive hacked database online that exposed
tens of millions of SMS text messages, and private data belongs to a
U.S company TrueDialog.

TrueDialog is an American communication company that offering SMS
texting solutions to companies such as businesses, universities, and
colleges in the USA.

Companies claim that they provide Enterprise-grade SMS Texting
service, but this massive data leak indicates and leads to huge risks
for their customers who have sent and received an SMS for a year of
the period.

By holding an unsecured database, TrueDialog leaked millions of
people’s sensitive data across the USA, and the researchers confirmed
that the unprotected database belongs to TrueDialog by finding the
evidence of their Host ID “api.truedialog.com”.

Discovered database, Also contains millions of account usernames and
passwords, PII data of TrueDialog users and their customers, and much

Since the uncovered database huge volume of data, there is no doubt
that the company compromising the privacy and security of 100 million
US citizens across the country.

The Database with 604 GB of data and 1 billion entries that had
sensitive data was initially discovered on 26/11/19, and it is hosted
by Microsoft Azure and runs on the Oracle Marketing Cloud in the USA.

What Types of Data Stored in the Unprotected Database

Researchers claim that the database contains different entries related
to many aspects of TrueDialog’s business model and its a rare one that
the single database with this much huge volume of sensitive data.

The database contains millions of email addresses, usernames,
cleartext passwords, and base64 encoded passwords which can be easily

According to VPNMentor research “Tens of millions of entries from
messages sent via TrueDialog and conversations hosted on the platform
and the Messages including,

Full Names of recipients, TrueDialog account holders, & TrueDialog users
Content of messages
Email addresses
Phone numbers of recipients and users
Dates and times messages were sent
Status indicators on messages sent, like Reading receipts, replies, etc.
TrueDialog account details

Username & PasswordSMS conversation

The researcher also found some of the technical logs that revealed
important details as to how the database is structured and managed.

This massive leak could lead to potential risks for the customers, and
if it reached the wrong hand, cybercriminals could perform various
attacks such as Phishing and scams, Identity theft, and Fraud, Account
Takeover and Blackmail the customers.

TrueDialog has been finally closed the database and the database now
secured. you can also check the important network security principles
to protect businesses from cyber attacks.

More information about the BreachExchange mailing list