How Millions of SMS Messages Between Businesses and Customers Leaked Online

How Millions of SMS Messages Between Businesses and Customers Leaked Online

It's bad enough when you mistakenly send personal communications to the wrong people. But it's even worse when your personal communications are leak

Mark Zuckerberg Testifies in Front of Congress in Defense of Planned Cryptocurrency
27 Innovations We Use Constantly, But That You (Probably) Didn’t Know Were From the NASA Space Program
Big Fines on Companies Like Facebook and Teva Pharmaceutical Help Them Control Markets

It’s bad enough when you mistakenly send personal communications to the wrong people. But it’s even worse when your personal communications are leaked online with no ability to stop it.

According to a new report, a database with tens of millions of SMS messages between business and customers leaked online. The database was managed by TrueDialog, a company that provides SMS solutions to businesses, according to TechCrunch, which examined the database.

Users who knew where to look for the database found that it was available over the Internet and completely unprotected by a password, according to the report. Upon surveying the database, TechCrunch found customer logs, usernames and passwords, and even the security codes people get when they need to log into an account with two-factor authentication.

TechCrunch didn’t say which companies were affected by the database issue, but did say that the service is often used by businesses and universities aiming to attract potential customers. TrueDialog’s secret sauce is in allowing customers to respond to marketing messages. In some cases, those messages were readily accessible in the database.

After TechCrunch informed TrueDialog of the database, the company took it down, but the damage is already done.

While it sounds like TrueDialog’s data wasn’t necessarily of high value, revealing two-factor authentication codes can be dangerous. If hackers knew where to look, they could try to reset an account password and go to the TrueDialog database to find the authentication code for accessing an account. 

In other cases, just knowing a person’s username and password to one account might be enough for hackers to accurately guess credentials for another account they own.

But perhaps the most troubling issue is in businesses having no control over the leak in the first place. The data that leaked on company customers wasn’t actually stolen from the companies. Instead, it was leaked by the third party providing the service.

The issue highlights how little control companies have on data security. Worst of all, it reveals how they can be so negatively affected by leaks they don’t control. Customers who know their information leaked, after all, aren’t too happy with any company involved.

So, what can you do to improve your chances of not seeing customer data leak? Safeguarding your own databases and hardening your network are critical steps.

Unfortunately, there’s nothing you can do to ensure the security of customer data housed elsewhere. Perhaps the only thing you can do is work with companies that care as much about security as you do. Even then there’s no guarantee your data will always remain secure.

Indeed, in a world where security is paramount, actually achieving it is impossible.

The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.

This article is from Inc.com

Do You Enjoy This Article?
Sign up for our newsletter and receive FREE access to download SuccessDigest Digital Weekly Edition for attainment of your financial freedom in the new digital economy!

Invalid email address
We promise not to spam you. You can unsubscribe at any time.

COMMENTS

WORDPRESS: 0
DISQUS: 0