Some of your text messages may have been left exposed on the internet for the world to see.
A database housing millions of private SMS text messages was left open online for an extended period of time, a team of researchers at the online privacy company vpnMentor said Sunday. The Texas-based text messaging firm TrueDialog is thought to be responsible for the leak, the cybersecurity experts said.
The database contained access information to online medical services along with passwords and usernames to websites such as Google and Facebook.
The researchers warn that “millions of Americans are at risk.” The team was able to access the text messages because the logs were “completely unsecured and unencrypted,” the team said in a blog post.
TrueDialog, which creates text messaging solutions for small and large businesses, has since taken the logs offline, the researchers said. TrueDialog uses texts to send marketing materials and urgent alerts to customers.
Black Friday 2019: How scammers use gift cards, hot toy deals to trick you
Privacy issues:Uber reportedly wants to listen in on your rides
The company reaches 5 billion subscribers worldwide, the research team said.
“We contacted the company. We disclosed our findings and offered our expertise in helping them close the data leak and ensure nobody was exposed to risk,” the researchers said. “The database has since been closed, but TrueDialog never replied to us.”
USA TODAY reached out to TrueDialog for comment and details about the alleged leak.
The text message data in question was also examined by TechCrunch, which said the database contained detailed logs of messages sent by customers who used TrueDialog’s system. The leaked data included phone numbers, university finance applications, job alerts and other private information.
“The impact of this data leak can have a lasting impression for hundreds of millions of users. The available information can be sold to both marketers and spammers,” the researchers said.
The personal information contained in the text messages could be an asset to scammers; it could also be used in blackmail schemes and lead to identity theft and fraud.
Follow Dalvin Brown on Twitter: @Dalvin_Brown.