Cybersecurity firm vpnMentor said it alerted database operator TrueDialog late last month about the breach, which mostly involved messages businesses sent to prospective customers. VpnMentor said TrueDialog, which says it handles text messages for various businesses, has since closed access to the SMS logs.
The open database was found Nov. 26 and it was closed Nov. 29, vpnMentor said.
“It’s difficult to put the size of this data leak into context,” vpnMentor wrote in its blog Sunday. “Tens of millions of people were potentially exposed in a number of ways. It’s rare for one database to contain such a huge volume of information that’s also incredibly varied.
“The database contained entries that were related to many aspects of TrueDialog’s business model. The company itself was exposed, along with its client base, and the customers of those clients.”
Along with text messages, vpnMentor said it found the full names of account holders, email addresses, phone numbers of recipients and users, dates and times messages were sent, status indicators on messages sent and other account details.