Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers.
Rocket Text, formerly known as ApexSMS, first came under scrutiny after a May 2019 disclosure by myself to TechCrunch highlighted that the company failed to secure its Mongo database of customer information by neglecting to password-protect their server. This lack of simple server protection is exactly the same kind of failure I would find again with the recent leak associated with Rocket Text.
The exposed records include:
In the previous leak, there was a distinction made between cellphone numbers and landlines in the data. In this leak, however, that distinction is not made, but we assess that the numbers being leaked and unprotected on the server are cellphone numbers based on our technical analysis. We note that not all marketing firms are this careless with our data. Most companies go to great lengths to ensure that our personal information is protected commensurate with today’s high industry standards. Regardless, it is time for us to own our digital footprint by being mindful of what we click on, sign up for, and the terms of the offers associated with today’s miraculous technological advancements.
Interestingly, I reached out to the Rocket Text support team at the email address provided on their website, but the email was returned, and I was informed that the “…email account does not exist.”
Major phone number leaks, like the one from Rocket Text, exposes clients to SMS phishing…also known as “smishing.” Mobile spam is not just annoying. It can be downright dangerous if it tricks you into clicking on a link that will inject malware into your system or that will steal your personal information.
As more and more people make greater use of smartphones to manage their online banking and accounts, the risk from smishing becomes even greater. Here are a few tips to avoid falling prey to SMS phishing scams beyond simply avoiding clicking links in SMS messages: