2019 should be named as the year of data leaks. From Facebook, Twitter to Microsoft, no one is that much secured to protect users’ data as data scandals are very common nowadays.
December is just started and we spotted a major data scandal. TrueDialog, A Southern US-based SMS provider firm (known as 3Seventy) that serves businesses and Universities for bulk messaging and 2-way conversations to customers and students database exposed online.
Researchers at Vpnmentor, Noam Rotem and Ran Locar found that 604GB of business texts are hosted unprotected on Microsoft Azure that runs on the Oracle Marketing Cloud.
The database contained so much data that includes —
- E-mail addresses, Username, Passwords
- Full Names, Phone numbers of recipients
- TrueDialog users account details
- Messages content, date-time stamp, and status
- Technical logs
- Potential customer details, sales
- Social Media Accounts login OTP
We were notified on Thursday that for a short period text message logs between our business customers and individuals were potentially accessible on one of our Azure servers. The data was located at a non-published network port which is now secured. We have internally found no evidence that the data was downloaded or viewed by anyone other than the security analyst who notified our company that the data was potentially accessible.John Wright, TrueDialog chief executive to Naked Security
The database was closed on November 29th. TechCrunch verified a part of the database and found the exposed legit.
TrueDialog has started an external security audit to prevent any kind of unauthorized access to its business database. Meanwhile, the company claimed that 99.6% of the total message logs contain no personally identifiable information.