Data Breach Exposes Over 100 Million Users’ Text Message Info to Spammers

By Jeremy Coumbes on December 4, 2019 at 8:54pm

A data base containing millions of text messages has been breached, possibly exposing sensitive information of over 100 million Americans.

TrueDialog is a mass marketing network used by companies to market to consumers via text messaging. The data breach was discovered late last month by sources outside of TrueDialog.

Rob Thomas of D.T.E. Technologies in Jacksonville says that people need to be aware of how big this breach was, and what information could have been compromised.

TrueDialog is a marketing mass text messaging service that, when you go to a site for retail stores like Target or Khols, and you sign up for text alerts about sales or coupons, TrueDialog is a company that provides the text service for those types of stores. TrueDialog, they had a massive data breach, and when I say massive, I mean massive.

Usually when a data breach happens, when they are figured out, they are closed pretty quick. Either the systems are taken offline, or they are repaired. This one sat for months, and they exposed name, address, telephone number, gender, I mean a lot of sensitive information.”

Thomas says that even if you have not sent sensitive information in a text message that could have been compromised, you could be susceptible to scam text messaging.

Thomas says that even just basic information such as a name, a phone number or email address being leaked can have a costly effect on peoples information down the line.

““How it affects you is, those things are quantified, packed up and sold, they are sold on the dark web, they are sold on the internet and now your phone numbers are exposed. So if you have those types of services, you need to be watching for spam text messages that have links in them. A lot of times you will get texts from a number like 62668, which is a legitimate marketing number.

CVS uses it, Walgreen’s uses it, it is the same type of service. But now you will get something from a number like 62671or something off that is not the same. It will say something like- “hey go here to look at this…” well now they are phishing you. They are trying to get you to go somewhere to enter your information. “Hey you need to reset your password, hey your bank is no good”, stuff like that.””

Thomas says that your bank or credit card company will never contact you via a text message asking the user to click a link to view an issue with an account. A bank will contact you by phone if a problem is found, and will have ways to verify that you are the correct account holder and to also verify that they are not a scammer.

““The text message to you, itself is nothing, you can ignore it. Yes your information is still out there and no that can’t be changed unless you change your phone number and your address and your identity.

Whenever these scammers retrieve these big troves of information, some of it is no good, probably 40%. But now when they send those messages out and you click on that link, you’ve just verified that you are a real person. They know- “yep, that’s an active number right there, and we are going to keep sending stuff to it and we are going to keep making it look official.”

So if you are unsure of a text message, don’t do anything. If you think you have a problem with your bank, call your bank. If you think you have a problem with your credit card, call your credit card company. Don’t follow those links and put info in. Don’t put your Netflix information in, any of that stuff. Because they will literally go “oh hey thanks for signing in but now we have a problem with your credit card.” and people go “oh well I want my Netflix, I want to watch the new season of whatever” and people will put their credit card info in and now they’ve got you.””

Thomas said that it is not always easy to tell a scam text from a real one on the surface, but there are ways you can protect your phone, just as you would a computer.

That is where these data breaches like this are so difficult. What I would recommend, whether you are on an iPhone, or an Android, it doesn’t matter. Download Malwarebytes or Bitdefender, something like that, an antivirus for your phone. Because those will catch those text messages, that hey these are known spam lists and they will catch them and block them.”

According to VPNmentor who claims to have discovered and alerted TrueDialog of the breach, the TrueDialog database, when last checked included 604 GB of data. This included nearly 1 billion entries of highly sensitive data, and that It is rare for one database to contain such a huge volume of information that’s also incredibly varied.