Another huge data breach was discovered by researchers Noam Rotem and Ran Locar from vpnMentor. The team came across an unprotected TrueDialog database hosted by Microsoft Azure, which contained tens of millions of SMS messages.
TrueDialog Data Breach: Users in the United States Affected
The data breach affects users in the United States, and puts them at risk of data theft, as it is exposing business-related data and is putting a communications company at risk of potential intrusion.
According to the researchers, the exposed data belongs to TrueDialog, which is a communications company based in the States. The company provides bilk SMS services for small businesses, colleges and universities. To make things worse, the affected database was also linked to many aspects of TrueDialog’s business, thus increasing the chance of an intrusion and exposing a large data set.
Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more. By not securing their database properly, TrueDialog compromised the security and privacy of millions of people across the USA, the researchers said in a blog post.
This leaves hundreds of millions of people potentially exposed in several ways, since it is quite rare for a single database to contain such a diverse volume of information. The database was discovered on November 26, and the TrueDialog was contacted shortly after. The latest information says that the database, which is hosted by Microsoft Azure on the Oracle Marketing Cloud, contains 604 gigabytes of data, including a billion entries with sensitive details.
This is yet another example of a database containing large amounts of sensitive information exposed in an unprotected way. Such incidents leave both customers and companies at risk, and they also make the owners of databases more susceptible to the various security threats.
Another enormous data breach recently affected the personal information of more than 1.2 billion unique individuals. On October 16, 2019 Data Viper security researchers Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server which contained “an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.”