Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.
TrueDialog provides SMS texting solutions to companies in the USA and the database in question was linked to many aspects of their business. This was a huge discovery, with a massive amount of private data exposed, including tens of millions of SMS text messages.
Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more.
By not securing their database properly, TrueDialog compromised the security and privacy of millions of people across the USA.
Millions of email addresses, usernames, cleartext passwords, and base64 encoded passwords (which are easy to decrypt) were easily accessible within the database.
We were able to find tens of millions of entries from messages sent via TrueDialog and conversations hosted on the platform. The sensitive data contained in these SMS messages included, but was not limited to:
- Full Names of recipients, TrueDialog account holders, & TrueDialog users
- Content of messages
- Email addresses
- Phone numbers of recipients and users
- Dates and times messages were sent
- Status indicators on messages sent, like Read receipts, replies, etc.
- TrueDialog account details
The data exposed was a mix of TrueDialog account holders, users, and tens of millions of American citizens.
There were hundreds of thousands of entries with details about users, including full names, phone numbers, addresses, emails and more.