29 C
Wednesday, December 7, 2022

Unprotected MongoDB database leaks over 80 million records belonging to an SMS marketing firm ApexSMS

HomeSecurity AwarenessUnprotected MongoDB database leaks over 80 million records belonging to an SMS...

[Diwali Offer] Bumper 30% Discount on all IIT Certification Courses

Dear Student, Till Diwali, we are offering maximum discount of 30% on all IIT Certification Courses. We guarantee that you'll...

Must Read

BlARROW is a unilingual, electronic, free-content site which composes write-ups on issues concerning online security. It is run helpfully by content scholars who write on a broad scope of subjects. Anyone with access to the internet connection and an ache to gain some new useful knowledge can get to these articles. Aside from this, they additionally give Udemy coupons, Appstore Games, and applications, all for free. So, in case one is curious to learn something new, gain widespread knowledge without drawing a hole in the pocket.

[aoa id=”0″]


  • The leaky database additionally saved a monitor of customers who clicked on messages via Grand Slam Advertising, one other small promoting firm.
  • The information uncovered within the incident contains MD5-hashed emails, IP addresses, Telephone numbers, and ZIP codes.

ApexSMS Inc., an SMS textual content advertising and marketing firm that additionally does enterprise beneath the identify of Cellular Drip, has suffered an information breach as a consequence of an unprotected MongoDB database. The unguarded database has uncovered a complete of 80,055,125 data belonging to the agency.

What information was concerned?

Based on the safety researcher Bob Diachenko, the database contained an enormous quantity of information associated to an SMS operation heart with “one of the outstanding folder referred to as ‘leads’”.

The uncovered data embody:

  • MD5 hashed e-mail
  • First/final identify
  • Metropolis/state/nation/zip
  • IP handle
  • Telephone quantity
  • Service community for cell
  • Line kind (cell or landline)

What are the opposite fascinating info?

Upon additional investigation, Diachenko discovered that ApexSMS Inc. undertakes so-called SMS Bombing campaigns. SMS bomber is a software program program that duplicates the identical message a number of instances or creates distinctive messages earlier than sending them to particular telephone numbers.

SMS Bombing is normally used for pranks, harassment or advertising and marketing campaigns. It’s extremely marketed on hacker or black hat boards. ApexSMS spammed thousands and thousands of cellular phone numbers with quite a lot of messages whereas pushing their victims to dozens of various rip-off websites.

TechCrunch reported that round 2.1 million customers had fallen sufferer to those scammed websites which have been despatched as SMS via toll-free telephone numbers.

Which scammed websites are concerned?

The leaky database additionally saved a monitor of customers who clicked on messages via Grand Slam Advertising, one other small promoting firm. The corporate’s identify got here to the sunshine via a rip-off website named ‘premium accomplice’

One other rip-off website copytm.com contained hidden code that stole customers’ names, e-mail addresses, telephone numbers, and IP addresses. The stolen information was submitted to ApexSMS spam database.

Other than storing scammed websites, the database additionally saved a report of SMS replies from customers.

What actions have been taken?

TechCrunch has reported the problem to Cellular Drip which later responded by saying that it has engaged an outdoor authorized agency to analyze the matter.

“We take compliance and information safety very severely, and we’re presently investigating to find out to what extent our info has been uncovered to unauthorized events. We have now presently engaged an outdoor authorized agency to help with our investigation of this matter and we’re additionally participating a cybersecurity agency to carry out a safety audit,” mentioned the corporate.

Though it’s unclear as for the way lengthy the database was left open on the web, Diachenko has revealed that the misconfigured database has been quietly secured days after the preliminary reporting.


- Advertisement -


Please enter your comment!
Please enter your name here

Also Read

- Advertisement -

More Articles Like This

- Advertisement -