Security experts at
The company currently works with over 990 cell phone operators and has more than 5 billion subscribers.
“Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more.” reads the post published by vpnMentor.
“By not securing their database properly, TrueDialog compromised the security and privacy of millions of people across the USA.”
The database was left unsecured online and data was stored in plain text, it is hosted by Microsoft Azure and it runs on the Oracle Marketing Cloud.
According to the researchers the database included 1 billion entries belonging to over 100 million US citizens, last time they analyzed the archive it included 604 GB of data.
Experts found tens of millions of entries from messages sent via TrueDialog and conversations hosted on the platform. The sensitive data contained in these SMS messages included full names of recipients, TrueDialog account holders, TrueDialog users, the content of messages, email addresses, phone numbers of recipients and users, dates and times messages were sent, status indicators on messages sent (i.e. Read receipts, replies, etc.), TrueDialog account details.
“The data exposed was a mix of TrueDialog account holders, users, and 100s of millions of American citizens.” continues the post.
The database also includes logs of internal system errors as well as many HTTP requests and responses that expose the site’s traffic.
“The impact of this data leak can have a lasting impression for hundreds of millions of users. The available information can be sold to both marketers and spammers.” concludes
(SecurityAffairs – TrueDialog, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.