A database that is hosted by Microsoft Azure has been found to hold millions of SMS messages is unprotected. According to security researchers, the TrueDialog database hosts tens of millions of unprotected messages from business-related users.
Because the data is unprotected, users are at risk from having their information exposed. All affected people are from the United States.
The database was discovered by Noam Rotem and Ran Locar from the research team of vpnMentor. TrueDialog is a U.S.-based telecommunications company that allows organizations to access bulk SMS services.
This means most of the messages on the unprotected database were enterprise focused. In a blog post, the researchers say the database had ties to several areas of TrueDialog's wider business. With this link, unauthorized access would allow a diverse dataset to be vulnerable.
“Hundreds of millions of people were potentially exposed in a number of ways,” according to the post. “It's rare for one database to contain such a huge volume of information that's also incredibly varied.”
Perhaps the most concerning aspect is that TrueDialog would knowingly leave the database unprotected. In an era of frequent data breaches, leaving a door open seems negligent. Among the data included on the data base are full names, account holder details, message contents, email addresses, and phone numbers.
Rotem and Locar discovered the Microsoft Azure-hosted TrueDialog database last week. They informed the telecommunication company two days later. The researchers say the situations could have a major effect on the company if the data is breached.
For example, user data could be sold to spammers and marketers. The research team says exploitation activity could range from simply annoying users with spam ads to more nefarious data attacks.