An unsecured SMS spam operation doxxed its owners, but also exposed personal data of 80 million people including names, locations, phone numbers, carrier network name, and IP addresses. - monyet.cc

Summary On May 10, 2019, security researcher Bob Diachenko discovered an exposed database containing the personal data of over 80 million people. The database was used by a spam operation called ApexSMS to send millions of phishing and scam messages. The database contained names, locations, phone numbers, IP addresses, and carrier network names. It also tracked which users clicked on which links and responded to which messages. ApexSMS relied on a messaging and marketing platform called Mobile Drip to send its messages. Mobile Drip denied any connection to ApexSMS, but TechCrunch disputed this claim. TechCrunch did not publish the names of the spammers, because it is for the courts to decide if the operation was unlawful. However, the company did name the companies involved in the operation, including ApexSMS, Mobile Drip, and Grand Slam Marketing. It is not known for how long the database was exposed or if anybody else accessed it. However, Diachenko said that the spammers were “still using and improperly storing the information or data of millions of people.”