Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Unprotected MongoDB database leaks over 80 million records belonging to an SMS marketing firm ApexSMS

Unprotected MongoDB database leaks over 80 million records belonging to an SMS marketing firm ApexSMS

  • The leaky database also kept a track of users who clicked on messages through Grand Slam Marketing, another small advertising company.
  • The data exposed in the incident includes MD5-hashed emails, IP addresses, Phone numbers, and ZIP codes.

ApexSMS Inc., an SMS text marketing company that also does business under the name of Mobile Drip, has suffered a data breach due to an unprotected MongoDB database. The unguarded database has exposed a total of 80,055,125 records belonging to the firm.

What data was involved?

According to the security researcher Bob Diachenko, the database contained a massive amount of data related to an SMS operation center with “one of the most prominent folder called ‘leads’”.

The exposed records include:

  • MD5 hashed email
  • First/last name
  • City/state/country/zip
  • IP address
  • Phone number
  • Carrier network for mobile
  • Line type (mobile or landline)

What are the other interesting facts?

Upon further investigation, Diachenko found that ApexSMS Inc. undertakes so-called SMS Bombing campaigns. SMS bomber is a software program that duplicates the same message multiple times or creates unique messages before sending them to specific phone numbers.

SMS Bombing is usually used for pranks, harassment or marketing campaigns. It is highly advertised on hacker or black hat forums. ApexSMS spammed millions of cell phone numbers with a variety of messages while pushing their victims to dozens of different scam sites.

TechCrunch reported that around 2.1 million users had fallen victim to these scammed sites which were sent as SMS through toll-free phone numbers.

Which scammed sites are involved?

The leaky database also kept a track of users who clicked on messages through Grand Slam Marketing, another small advertising company. The company’s name came to the light through a scam site named ‘premium partner’

Another scam site copytm.com contained hidden code that stole users’ names, email addresses, phone numbers, and IP addresses. The stolen data was submitted to ApexSMS spam database.

Apart from storing scammed sites, the database also kept a record of SMS replies from users.

What actions have been taken?

TechCrunch has reported the issue to Mobile Drip which later responded by saying that it has engaged an outside legal firm to investigate the matter.

“We take compliance and data security very seriously, and we are currently investigating to determine to what extent our information has been exposed to unauthorized parties. We have currently engaged an outside legal firm to assist with our investigation of this matter and we are also engaging a cybersecurity firm to perform a security audit,” said the company.

Although it is unclear as for how long the database was left open on the internet, Diachenko has revealed that the misconfigured database has been quietly secured days after the initial reporting.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket