Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

TrueDialog database leaked online tens of millions of SMS text messages

Millions of SMS messages have been leaked by a database run by TrueDialog, a business SMS provider for businesses and higher education providers. Security experts at vpnMentor discovered a database belonging to the US communications company, TrueDialog that was leaking millions of SMS messages. Most of the SMS included in the database were sent by […]

TrueDialog data leak

Millions of SMS messages have been leaked by a database run by TrueDialog, a business SMS provider for businesses and higher education providers.

Security experts at vpnMentor discovered a database belonging to the US communications company, TrueDialog that was leaking millions of SMS messages. Most of the SMS included in the database were sent by businesses to potential customers. TrueDialog focuses on providing several different SMS programs including mass text messaging, marketing SMS options, urgent alerts, an Education SMS solution, and more. 

The company currently works with over 990 cell phone operators and has more than 5 billion subscribers.

“Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more.” reads the post published by vpnMentor.

“By not securing their database properly, TrueDialog compromised the security and privacy of millions of people across the USA.”

TrueDialog data leak

The database was left unsecured online and data was stored in plain text, it is hosted by Microsoft Azure and it runs on the Oracle Marketing Cloud.

According to the researchers the database included 1 billion entries belonging to over 100 million US citizens, last time they analyzed the archive it included 604 GB of data.

Experts found tens of millions of entries from messages sent via TrueDialog and conversations hosted on the platform. The sensitive data contained in these SMS messages included full names of recipients, TrueDialog account holders, TrueDialog users, the content of messages, email addresses, phone numbers of recipients and users, dates and times messages were sent, status indicators on messages sent (i.e. Read receipts, replies, etc.), TrueDialog account details.

“The data exposed was a mix of TrueDialog account holders, users, and 100s of millions of American citizens.” continues the post.

The database includes logs of the platform that revealed important details as to how the database is structured and managed.

The database also includes logs of internal system errors as well as many HTTP requests and responses that expose the site’s traffic.

vpnMentor attempted to report their discovery to TrueDialog but they never received a reply. The database was discovered on 26/11/19 and experts reported it to TrueDialog on 28/11/19, the database was secured on 29/11/19.

“The impact of this data leak can have a lasting impression for hundreds of millions of users. The available information can be sold to both marketers and spammers.” concludes vpnMentor. TrueDialod competitors could have gotten a look into their backend and seen how the company is run from within. This would have given them a way to copy, or improve upon, the business model that has brought TrueDialog success.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – TrueDialog, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]