TrueDialog has been alleged to leak a massive database of private text messages. This text messaging firm based in Texas has exposed this database for an extended time. According to news outlets, the said company leaked significant information regarding online medical services as well as usernames and passwords of Google and Facebook. Text messages were accessible because the logs were "completely unsecured and unencrypted" that make "millions of Americans at risk," cybersecurity experts said.
Who and what is TrueDialog
TrueDialog is a ten-year Austin, Texas-based text messaging firm. Its specialization involves SMS solution creation for both small and large businesses. It utilizes marketing SMS options, mass text messaging, urgent alerts, and others.
"Currently, TrueDialog works with over 990 cell phone operators and reaches more than 5 billion subscribers around the world," according to VPN Mentor.
Five billion users subscribe to this company, according to the research team.
"We contacted the company. We disclosed our findings and offered our expertise in helping them close the data leak and ensure nobody was exposed to risk," the researchers said. "The database has since been closed, but TrueDialog never replied to us."
TechCrunch also examined the leaked database that contained detailed logs of messages by clients. Private dat, university finance applications, phone numbers, and job alerts comprised the leaked data.
"The impact of this data leak can have a lasting impression for hundreds of millions of users. The available information can be sold to both marketers and spammers," the researchers said.
Possible Data Theft
Concerns regarding the breach like scammer using personal information by scammers and blackmail schemes that can lead to identity theft and fraud.
TechCruch discovered data contained two-factor codes and other security text messages that may permit any person to obtain access to the online account of the person in question. As mentioned, messages contained login codes and password reset for various social media platforms.
Usernames and password data of customers by TrueDialog were also contained and might be used for impersonating the client's accounts.
The possibility of accessing chains of conversations increases because of a unique conversation code is allowed in two-way message conversations. Millions of messages are contained in one table, along with many text recipients who desire to opt-out of receiving text messages.
"TechCrunch contacted TrueDialog about the exposure, which promptly pulled the database offline. Despite reaching out several times, TrueDialog's chief executive John Wright would not acknowledge the breach nor return several requests for comment. Wright also did not answer any of our questions - including whether the company would inform customers of the security lapse and if he plans to inform regulators, such as state attorneys general, per state data breach notification laws," according to the company's website.
TrueDialog is one of the SMS providers who have allowed sensitive SMS messages to be accessed by anyone on the internet for the past few months. Thus, this shows the disadvantage of using SMS for communication, especially for sensitive data that can be used for two-factor codes. This makes the SMS based companies in highlighting their security features and on their mechanism in protecting the privacy of data and information of their users.