Over 100 million Americans had their personal data exposed in major text data breach

Over 100 million Americans had their personal data exposed in major text data breach
What we are going to tell you is something that is bound to get your mind thinking back about any embarrassing texts you might have written. Or whether you might have sent some personal information via text like your social security or credit card numbers, passwords or even PINs. According to vpnMentor (via USA Today), a company that ranks virtual private networks (VPN), a database containing millions of text messages has been breached.

The database belongs to an American outfit named TrueDialog. The latter provides "Enterprise-Grade SMS Texting Solutions." The information available from the breached database not only includes tens of millions of texts from hundreds of millions of American users, it also contained millions of usernames, passwords (some in cleartext, others encoded but easy to decrypt) and more. The report puts the blame for the data breach directly on TrueDialog for failing to protect the database. It also notes that discovering the identity of the database owner was not difficult.

Over 100 million American citizens could be impacted by this data breach


The number of people affected by the breach is huge and the possibility that these texts could be read by bad actors is a very major deal; that puts companies like TrueDialog on the defensive. As vpnMentor notes, "Some affected parties deny the facts, disregarding our research or playing down its impact. So, we need to be thorough and make sure everything we find is correct and true. In this case, it was quite easy to identify TrueDialog as the database owner. Their host ID “api.truedialog.com” was found throughout. However, it was also clear that this was a huge data breach, compromising the privacy and security of over 100 million U.S. citizens across the country."

The database is hosted by Microsoft Azure and runs in the U.S. on the Oracle Marketing Cloud. It contains 1 billion entries adding up to 604GB of data. This data includes information about TrueDialog's business, its business clients and the latter's customers. All of this information could have been used by bad actors to steal identities and money from those with information exposed in the breach. Additionally, all of this data could have been sold to marketers and scammers. Knowing all of this information would make it easier for bad actors to engage in phishing schemes.


Perhaps you have yet to understand the seriousness of this. Tens of millions of SMS messages that were sent via TrueDialog were leaked revealing the full names of message recipients, account holders and users of TrueDialog's services. But even worse, the content of messages, email addresses, and recipients' phone numbers were viewable along with the date and time that these messages were sent.

TrueDialog itself could face a negative backlash because of this leak. The company's reputation will take a hit and companies that pay it for providing leads will stop doing business with it if they fear that those leads will get leaked for free. And the amazing thing is that vpnMentor was able to discover the breach because the database was not only unsecured, it also was unencrypted. TrueDialog has been in business for ten years, says vpnMentor, works with more than 990 cellphone operators and reaches 5 billion subscribers globally.

The date that vpnMentor discovered that the database was leaked was on November 26th. Two days later, it spoke with TrueDialog to report its findings while also offering to help it in the aftermath of the discovery. On November 29th, TrueDialog closed the database but never did get in touch with vpnMentor. While the database is now closed, it isn't known whether any information that was exposed was stolen by a scammer, spammer, bad actor, or hacker.

FEATURED VIDEO

6 Comments

1. CTHR100

Posts: 26; Member since: May 12, 2017

Is this the app true dialog, that you're writing about? I think techcrunch covers the story more accurately, and isn't using it as click bait/scare reads. "A massive database storing tens of millions of SMS  text messages, most of which were sent by businesses to potential customers, has been found online. The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. " Unfortunately I can't post the link due to too few comments.

2. Alan01

Posts: 643; Member since: Mar 21, 2012

All of the comments about the information exposed and leaked came directly from the source article published by vpnMentor. There is nothing exaggerated or untrue in the article or in the headline. Regards, Alan

3. CTHR100

Posts: 26; Member since: May 12, 2017

I didn't say untrue, nor did I say exaggerated. Also, why not link the original article? I do think that presentation is lacking. I am glad you covered the story however. Thank you! This is a scary breach in which many companies should look at their security and amplify it. It also gives greater credence to the need for end to end encryption. Which is rare.

6. Alan01

Posts: 643; Member since: Mar 21, 2012

The link to the vpnMentor report is in the article BTW. Regards, Alan

5. middlehead

Posts: 467; Member since: May 12, 2014

There may not be anything untrue here, but it is pretty obvious you cherrypicked information to mislead and frighten. CTHR's quote from techcrunch makes it clear this was a business service app, you act like it was a personal texting app that millions of people used.

4. michaeljohnny

Posts: 1; Member since: 4 days ago

If you’re looking for a good bargain on VPNs this Cyber Monday, PureVPN certainly won’t disappoint you. Their 5 Year plan is going for $79 only – that’s a discount of 88%! Take advantage of the offer before it’s too late

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.