advertisement
advertisement

Tens of millions of SMS text messages were exposed online—and anyone could read them

Everything from Facebook and Google login codes to phone numbers to university finance application data were exposed.

Tens of millions of SMS text messages were exposed online—and anyone could read them
[Photo: Thom Holmes/Unsplash]
advertisement
advertisement

A massive trove of tens of millions of SMS text messages was found online, and, as they were stored in an unencrypted format, anyone who knew of their location could copy or read them. The news of the massive breach was reported by TechCrunch, which says the database of millions of SMS messages came from a company called TrueDialog.

advertisement

TrueDialog provides SMS solutions to businesses and higher education institutions by allowing such organizations to not only communicate with their customers via SMS, but also allowing those customers to text the business back directly. As a result, the tens of millions of SMS messages left exposed contained a number of highly sensitive data about the receiver of the message. Such data included two-factor codes, university finance application data, job alerts, codes to access online medical services, password reset and login codes for Facebook and Google, email addresses, read receipt indicators, phone numbers, and more. Access to the SMS messages would have allowed malicious actors to impersonate the receiver.

The massive haul of exposed SMS messages was found by security researchers Noam Rotem and Ran Locar on November 26. After contacting TrueDialog but not hearing back from the company, TechCrunch contacted the company. It was only then that TrueDialog pulled the database offline.

About the author

Michael Grothaus is a novelist, journalist, and former screenwriter. His debut novel EPIPHANY JONES is out now from Orenda Books. You can read more about him at MichaelGrothaus.com

More