Data breaches are becoming a frequent occurrence and are, of course, a concern for many consumers. The latest breach has now been revealed, as security researchers announce they have found an unsecured database containing nearly details of over 100 million US citizens.
This follows a report last month where dark web researchers Bob Diachenko and Vinny Troia found a huge collection of online data, including consumers’ personal information like their social media profiles and phone numbers.
In this latest case, researchers have found a large database containing text messages, many of which held private information. There were close to a billion entries altogether, stored in a plain text format. Many were sent by businesses to customers and contained information such as full names, phone numbers, email addresses, and postal addresses.
According to cybersecurity experts Noam Rotem and Ran Locar, who wrote a blog on the subject, the information, there are “tens of millions” of messages being held “completely unsecured and unencrypted” over long periods of time.
At the moment, it’s believed that business SMS provider TrueDialog is responsible for the breach. The company runs a service that allows businesses to bulk message clients and customers and it currently has over 5 billion subscribers worldwide.
The researchers said, “We contacted the company. We disclosed our findings and offered our expertise in helping them close the data leak and ensure nobody was exposed to risk. The database has since been closed, but TrueDialog never replied to us. The available information can be sold to both marketers and spammers.”
TechCrunch says that this is “another example of why SMS text messages may be convenient but is not a secure way to communicate — particularly for sensitive data, like sending two-factor codes.”
The database has now been removed, therefore it’s not possible to identify any customers who were affected by the breach. However, the researchers recommend that, in order to protect themselves, customers take security precautions at all times by taking steps like frequently changing passwords and setting up two-factor authentication on their online accounts.