When a leak occurs, it’s not usually the party responsible that figures it out. In fact, cybersecurity researchers are often the first ones to find unsecured databases filled with user information. If they report their findings on a regular basis, they can potentially save millions of people from identity theft and related crimes. That’s exactly what happened when a group of security researchers found a server containing hundreds of millions of texts containing private information — all with no encryption to speak of. Here’s what they found, and what it means for your privacy.
Mysterious database found containing text messages, accounts and passwords.
According to new reports from MSN, a database containing millions of text messages was available online without any form of security or encryption. This trove of personal information was discovered by security researchers at Israeli company vpnMentor, who have discovered several other high-profile leaks in the past. The data contained in the leak includes medical information exchanged via text message, as well as usernames for Facebook and Google, account passwords and private conversations. In terms of responsibility, the researchers point at Texas based messaging company TrueDialogue, the owners of the ill-fated server. Following the report, the database has gone offline with no way to access it again. TrueDialogue provides text message solutions for businesses and companies who rely on it to communicate with prospective hires, employees and applicants. The data contained in the database appears to have been harvested from users who engaged with TrueDialogue services. This incident doesn’t appear to be intentional, but it’s a relief nonetheless to know the database is gone. What’s more, no reports of identity theft connected to this leak have emerged. That doesn’t mean that hackers didn’t obtain the data at some point while it was online, though.
Am I included in this database? What can I do to protect myself?
Millions of people’s information was included in the database, but the fact that it’s offline now makes it difficult to know if you’re directly impacted. What’s more, many companies deploy TrueDialogue for their automatic text messaging services, so there’s no way to be absolutely certain if you were affected. But by practicing smart privacy techniques, you can minimize your risk of exposure. Frequently change your password on Facebook and Google, and make sure you have a system like two-factor authentication set up to protect your identity. Click or tap here to see the benefits of 2FA. If you suspect you’ve become a victim of identity theft, one of the first things you should do is freeze your credit. This can prevent any thieves from taking out loans or opening credit lines in your name. This will also alert credit authorities to any risks to your account. Click or tap here to learn how to freeze your credit.