Millions of SMS messages breached

INSUBCONTINENT EXCLUSIVE:
Security researchers have discovered a massive database, which was left exposed online, that contains tens of millions of SMS text messages sent by businesses to potential customers.

The database is run by a business SMS provider called TrueDialog that allows organizations and colleges to send out bulk text messages to their customers and students. However, the service also gives recipients of these messages the ability to text back so that they can have two-way conversations with those businesses.

TrueDialog's database contained years' worth of SMS messages that had been sent and received by its customers. Since the database was left unsecured online without a password, anyone could look at these messages, which were also not encrypted.

The initial discovery of the exposed database was made by Noam Rotem and Ran Locar from vpnMentor's research team.

After examining a portion of the exposed data, TechCrunch found that it contained detailed logs of messages sent by customers who used TrueDialog's system, including their phone numbers and the contents of their messages.

The database itself contained marketing messages from businesses, job alerts and other offers sent out to customers, but it also stored sensitive text messages such as two-factor authentication codes and security messages. Using the information contained in these messages, anyone could have potentially tried to gain access to users' online accounts. The data also contained the usernames and passwords of TrueDialog's own customers, which could have also been used to access and impersonate their accounts.

Another startling discovery was the fact that some of the two-way message conversations contained a unique conversation code. Using this code, anyone could have been able to read entire chains of conversations between businesses and their customers.

This is just the latest case of a database being left unsecured online, but it also shows how SMS text messages are not a secure way to send sensitive data such as two-factor authentication codes.

Via TechCrunch