TrueDialog Left Users’ Data And SMS Exposed On Unsecured Database

The American telecom firm TrueDialog has inadvertently breached its users’ privacy by leaving a database exposed online that contained millions of users’ SMS data.

TrueDialog Exposed Users’ Data And SMS

Reportedly, the vpnMentor hacktivist duo Noam Rotem and Ran Locar have discovered another unsecured database. This time, the open database belongs to the American communication firm TrueDialog, and it exposed users’ SMS messages and data.

As described in their report, they found the leaky database put the security of “tens of millions of US citizens” at risk. The leaked data belonged to the company as well as its clients and their customers.

Specifically, the unsecured database exposed the following types of information.

  • TrueDialog account details such as usernames, email addresses, passwords in plain text, and some base64-encoded passwords that are easy to decode.
  • Users’ SMS messages along with related information including the recipients’ names, email addresses, contact numbers of both the senders and the recipients, time logs, message delivery statuses, and TrueDialog account information.
  • Technical logs revealing details about the structure and management of the database.
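
Base64 is an encoding, not encryption, so the base64-encoded passwords were as exposed as the plain-text ones. As an added illustration (not taken from the vpnMentor report or from TrueDialog's systems), the following sketch audits an export of account records and flags password values that are not stored as salted hashes; the field names, sample records and hash-prefix list are assumptions.

```python
import base64
import binascii
import re

# Prefixes of common salted password-hash formats (assumed list, extend as needed).
HASH_PREFIXES = ("$2a$", "$2b$", "$2y$", "$argon2", "$scrypt$", "$pbkdf2")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def classify_credential(value: str) -> str:
    """Classify a stored password value as 'hashed', 'base64' or 'plaintext_or_unknown'."""
    if value.startswith(HASH_PREFIXES):
        return "hashed"
    # Heuristic: well-formed base64 that decodes to printable text is reversible
    # encoding, readable by anyone who obtains the record.
    if len(value) >= 8 and len(value) % 4 == 0 and B64_RE.match(value):
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return "plaintext_or_unknown"
        if text.isprintable():
            return "base64"
    return "plaintext_or_unknown"


def audit(records, field="password"):
    """Return (username, kind) for every record whose password is not a salted hash."""
    findings = []
    for rec in records:
        kind = classify_credential(rec[field])
        if kind != "hashed":
            findings.append((rec["username"], kind))
    return findings


# Constructed sample records; not data from the exposed database.
SAMPLE_RECORDS = [
    {"username": "alice", "password": "hunter2"},
    {"username": "bob", "password": base64.b64encode(b"Summer2019!").decode()},
    {"username": "carol", "password": "$2b$12$" + "x" * 53},  # placeholder bcrypt-shaped string
]

if __name__ == "__main__":
    for user, kind in audit(SAMPLE_RECORDS):
        print(f"{user}: password stored as {kind}")
```

The base64 check is a heuristic: a plain-text password that happens to be valid base64 of printable text would be reported as `base64`, which still marks it for remediation.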

Though the researchers estimate the records to number in the tens of millions, they couldn’t determine the exact number.

Database Went Offline With No Explanation

The researcher duo found this unsecured and unencrypted Elasticsearch database on November 26, 2019. They then identified the database owner, which, as they mentioned, was not difficult.

It was quite easy to identify TrueDialog as the database owner. Their host ID “api.truedialog.com” was found throughout.

Within two days, they contacted the vendors to inform them of the matter. Following their report, the company seemingly pulled the database offline.

However, the company did not reply to the researchers or acknowledge the breach.

TrueDialog is a huge firm with extensive collaborations with more than 990 cell phone operators. Presently, the company boasts 5 billion subscribers globally. Certainly, a company with such a huge impact should remain vigilant about the security and integrity of their databases and the overall IT infrastructure. Unfortunately, it seems TrueDialog didn’t act as responsibly as expected.

Let us know your thoughts in the comments.
