MILLIONS of Americans may have had their texts and passwords exposed online in a massive security breach, researchers say.
A database housing tens of millions of private texts and usernames was reportedly left open online for an extended period of time.
Messaging firm TrueDialog, which allowed companies and colleges to send bulk texts, is allegedly responsible for the leak, privacy company vpnMentor claims.
The leaked information reportedly included phone numbers, university finance applications and job alerts, Tech Crunch reported.
Sensitive texts, such as two-factor codes – which may have allowed anyone to access a person's online accounts – were also reportedly exposed.
Some of the messages reportedly contained password reset and login codes for sites including Facebook and Google accounts, leaving users vulnerable to hackers.
The database was left unprotected on the internet without a password and none of the data was encrypted, so anyone could look inside, according to experts.
"The impact of this data leak can have a lasting impression for hundreds of millions of users,”
“The available information can be sold to both marketers and spammers.”
Experts at vpnMentor warned a scammer could use the private details that were exposed in the messages for a variety of fraudulent schemes.
With all the message content exposed in cleartext, scammers would also “have plenty of ammunition for blackmail”, the researchers added.
The database, which stored years of sent and received text messages from its customers and processed by TrueDialog, has since been taken down.
TrueDialog, which is based in Texas, was designed to allow companies, colleges, and universities to send bulk text messages to their customers and students.
The service allows recipients to text back to the bulk message, allowing them to have two-way conversations with brands or businesses.
The company reaches five billion subscribers worldwide, researchers said.
SunOnline has contacted TrueDialog for a comment.