TrueDialog, a Texan company specialized in communication and marketing campaigns via SMS, is the protagonist of a leak that now threatens to bring the privacy of millions of people. A huge database containing millions of text messages sent and received in recent years through the service offered was discovered online, without any type of protection, not even a simple password.
TrueDialog database leak
In the archive telephone numbers, names, surnames, information on the financial situation and SMS messages in their integral form with lots of discount codes and job announcements sent by the companies to customers and employees, already acquired or to be retained. Even more serious, in many cases there are data concerning the systems of two-factor authentication for access to online services: from medical sector platforms to Google and Facebook.
Then there are username and password of TrueDialog users that could be exploited in the wrong handsblock sending of messages to the lists of users managed by companies that in the past have relied on the service. A peculiarity of the service offered is that which allows those who receive the SMS to reply to the same number as the sender, thus creating a sort of conversation: since each thread is identified by a unique code, entire calls and answers can be consulted.
The discovery is attributed to the team's researchers Noam Rotem and Ran Locar vpnMentor, during the scan of the online world in search of anomalies or vulnerabilities. TrueDialog did not answer the questions about the leak, merely deleting the database immediately after receiving a report.