The private details of millions of Americans were left exposed for anyone to see on a massive database of text messages held by TrueDialog.

Based in Austin, Texas, 10-year-old TrueDialog works with over 900 cell phone operators, who use the service to contact more than five billion people globally. Services offered by TrueDialog include ways for companies to send out text messages en masse to customers, or in a bid to pick up new business. As well as marketing, TrueDialog's services are used by emergency alert systems and an education SMS solution.

Read More:

• Adobe Creative Cloud data breach affects 7.5m customers
• Data breach weekly security report
• Words With Friends: Data of all 218 million mobile players stolen

The leaky server, which contained millions of unencrypted messages, was discovered by cybersecurity company vpnMentor, and not protected by a password. Anyone could view the text messages held by the server, then use the private information to conduct phishing campaigns, or sell the data to other parties.

Gryphon AX – Ultra-Fast Mesh WiFi 6 Parental Control Router – Advanced Content Filters and Next-Gen Firewall - 4.3 Gbps Across 3,000 sq. ft. per Router for Multi-Device Households

List Price: $299.00

New From: $299.00in Stock

Used From: $149.00in Stock

In addition to text messages, researchers at vpnMentor discovered millions of account usernames and passwords belonging to TrueDialog's clients and their customers.

vpnMentor reports how the insecure database was discovered on November 26. Two days later, researchers contacted TrueDialog about the problem, and despite receiving no reply, the server was secured a day later, on November 29.

TrueDialog is a 10-yea-company based in Austin, TexasTrueDialog

"When we last looked at the database, it included 604 GB of data, "vpnMentor said in a blog post published December 2, adding: "This included nearly one billion entries of highly sensitive data".

TrueDialog has not yet publicly commented on the server. GearBrain has requested a comment from TrueDialog, and we will update this article when we receive a reply.

The server was discovered as part of a huge web mapping project undertaken by vpnMentor. The system scans servers online and tests access ports that may lead to vulnerabilities. When a weakness is found, the company works to identify the database's identity and alerts the owner. In this case, the server was completely unsecured and unencrypted.

The blog added: "It's difficult to put the size of this data leak into context. Hundreds of millions of people were potentially exposed in several ways. It's rare for one database to contain such a huge volume of information that's also incredibly varied."

The database contained details on TrueDialog's business model, client base, customers, and text messages sent to end users. Some passwords were stored in clear text, and others were base64 encoded, but vpnMentor said they are still "easy to decrypt."

Data exposed by the unprotected server include:

• Full names of recipients, TrueDialog account holders, and TrueDialog users
• Content of messages
• Email addresses
• Phone numbers of recipients and users
• Dates and times messages were sent
• Status indicators on messages, like read receipts
• TrueDialog account details

vpnMentor added: "The impact of this data leak can have a lasting impression for hundreds of millions of users. The available information can be sold to both marketers and spammers."

In addition to affecting customers, the leak could have led to rivals learning how TrueDialog's business works. The vpnMentor blog post explains: "Their competitors could have gotten a look into their backend and seen how the company is run from within. This would have allowed them to copy or improve upon the business model that has brought TrueDialog success.... Their competitors can also take advantage of the bad publicity the brand is going to receive and even take over their customers."

There are also concerns over account takeover, corporate espionage, a loss of income and new leads, identity theft and fraud, phishing and phone or email scams, and blackmail.

This is an example of how regular consumers are put at risk through no fault of their own. All affected users can do is remain vigilant and look out for suspicious communication, such as text messages, emails, and phone calls. These may have come from a malicious company that has stolen their details from the leaking server.

Bitdefender Total Security - 5 Devices | 1 year Subscription | PC/Mac | Activation Code by email

List Price: $89.99

New From: $44.99in Stock