A major data breach has leaked the texts and usernames of more than 100 million Americans.
According to vpnMentor, a company that ranks virtual private networks (VPN), the database of a company called TrueDialog was compromised allegedily. The company is a US-based enterprise communications firm, providing “Enterprise-Grade SMS Texting Solutions.”
The database of 604GB included unencrypted passwords and the contents of SMS messages. TrueDialog, which is based in Texas, allows companies and colleges to send bulk texts
The leaked information reportedly included phone numbers, university finance applications and job alerts.
It is also thought that sensitive texts, such as two-factor codes – which may have allowed anyone to access a person’s online accounts – were also leaked.
The report by vpnMentor says: “Some affected parties deny the facts, disregarding our research or playing down its impact. So, we need to be thorough and make sure everything we find is correct and true. In this case, it was quite easy to identify TrueDialog as the database owner. Their host ID “api.truedialog.com” was found throughout. However, it was also clear that this was a huge data breach, compromising the privacy and security of over 100 million U.S. citizens across the country.”
The database is hosted by Microsoft Azure and runs in the U.S. on the Oracle Marketing Cloud. It contains 1 billion entries.
It was feared that the leaked information could have been used to steal identities and money from those with information exposed in the breach. The data could also have been sold to scammers and marketers.
Some of the messages reportedly contained password reset and login codes for sites including Facebook and Google accounts, leaving users vulnerable to hackers.
It was suggested that the database, which stored years of sent and received text messages from its customers, was left unprotected on the internet without a password and none of the data was encrypted, so anyone could look inside.
The breached database was discovered by researchers last month as part of their internet scanning efforts.
The database has now been taken down.