Millions of SMS messages exposed in database security lapse
A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online. The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. TechCrunch examined a portion of the data, which contained detailed logs of messages sent by customers who used TrueDialog’s system, including phone numbers and SMS message contents. But the data also contained sensitive text messages, such as two-factor codes and other security messages, which may have allowed anyone viewing the data to gain access to a person’s online accounts. One table alone had tens of millions of messages, many of which were message recipients trying to opt-out of receiving text messages. Not only that but it’s another example of why SMS text messages may be convenient but is not a secure way to communicate — particularly for sensitive data, like sending two-factor codes.