It's bad enough when you mistakenly send personal communications to the wrong people. But it's even worse when your personal communications are leak
It’s bad enough when you mistakenly send personal communications to the wrong people. But it’s even worse when your personal communications are leaked online with no ability to stop it.
According to a new report, a database with tens of millions of SMS messages between business and customers leaked online. The database was managed by TrueDialog, a company that provides SMS solutions to businesses, according to TechCrunch, which examined the database.
Users who knew where to look for the database found that it was available over the Internet and completely unprotected by a password, according to the report. Upon surveying the database, TechCrunch found customer logs, usernames and passwords, and even the security codes people get when they need to log into an account with two-factor authentication.
TechCrunch didn’t say which companies were affected by the database issue, but did say that the service is often used by businesses and universities aiming to attract potential customers. TrueDialog’s secret sauce is in allowing customers to respond to marketing messages. In some cases, those messages were readily accessible in the database.
After TechCrunch informed TrueDialog of the database, the company took it down, but the damage is already done.
While it sounds like TrueDialog’s data wasn’t necessarily of high value, revealing two-factor authentication codes can be dangerous. If hackers knew where to look, they could try to reset an account password and go to the TrueDialog database to find the authentication code for accessing an account.
In other cases, just knowing a person’s username and password to one account might be enough for hackers to accurately guess credentials for another account they own.
But perhaps the most troubling issue is in businesses having no control over the leak in the first place. The data that leaked on company customers wasn’t actually stolen from the companies. Instead, it was leaked by the third party providing the service.
The issue highlights how little control companies have on data security. Worst of all, it reveals how they can be so negatively affected by leaks they don’t control. Customers who know their information leaked, after all, aren’t too happy with any company involved.
So, what can you do to improve your chances of not seeing customer data leak? Safeguarding your own databases and hardening your network are critical steps.
Unfortunately, there’s nothing you can do to ensure the security of customer data housed elsewhere. Perhaps the only thing you can do is work with companies that care as much about security as you do. Even then there’s no guarantee your data will always remain secure.
Indeed, in a world where security is paramount, actually achieving it is impossible.
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.
This article is from Inc.com