SMS Spammers Expose 80 Million Records Online

Written by

The administrators of an SMS spam operation left an unsecured MongoDB instance wide open online, exposing over 80 million records linked to their ‘leads,’ according to researchers.

Bob Diachenko revealed the discovery in a blog post late last week, claiming the MongoDB instance was named “ApexSMS” and left without password protection.

“Upon further research it was identified that the MongoDB instance name ApexSMS is also the name of an SMS Bombing program with the same name that is highly advertised on hacker or black hat forums,” he continued.

“What is SMS Bombing? Typically, cell phone users send one message at a time. However, an SMS bomber is a software program that duplicates the same message multiple times or rotates different messages and sends all the messages to a number of your choice. This can be used for pranks, harassment, or in this case marketing products or services.”

The database of 80 million records uncovered by Diachenko included MD5 hashed emails; full names; city/state/country/postcode; IP address; phone number; carrier network for mobile and landline/mobile.

It also included the messages used in the campaign to trick recipients into clicking on links by pretending to be friends or family. Plus, it recorded any text responses from victims.

Diachenko also suggested the administrators of the campaign may be linked to cloud-based SMS platform Mobile Drip, which claims to offer legitimate high-volume mobile marketing services.

The database itself was “quietly secured” a few days after he discovered it.

Tom Davison, EMEA director at Lookout, argued that unsolicited communications represent a challenge for the end user in validating the reputation of the sender without exposing themselves to further risk.

“If individuals come across a similar campaign or they are unsure of the sender, then the advice remains the same to never click on any links in texts or share personal details,” he added.

“In addition, a mobile endpoint security solution that assesses web and content risk removes this uncertainty and allows for safer interactions."

What’s hot on Infosecurity Magazine?