ApexSMS Inc., a SMS text marketing company that also trades under the name of Mobile Drip, has suffered a data breach with the records of about 80 million people found exposed on an unsecured database.

First reported Thursday by researcher Bob Diachenko at Security Discovery, the breach of a database owned by the company was first detected on April 11. It included hashed email addresses, names, city locations, IP address, phone number and carrier network for mobile.

Not a lot is known about the company other than it’s allegedly a text-messaging spamming operation that undertakes so-called SMS “bombing” campaigns. According to Diachenko, an SMS bomber is a software program that duplicates the same message multiple times or rotates different messages and sends all the messages to a particular number. It apparently can be used for pranks, harassment or marketing campaigns.

Ben Goodman, vice president of global strategy and innovation at ForgeRock Inc., told SiliconANGLE that SMS marketing operations have become a nuisance thanks to the rise of scripts and applications that send a seemingly infinite number of messages as quickly as they can be forwarded.

“The ethics and legality of this exact operation should be called into question, especially since some of the data was added to the exposed list after being scraped by copytm.com and other scam sites,” Goodman said.

Anurag Kahol, chief technology officer at Bitglass Inc., raised concerns about the volume of data exposed, noting that a malicious actor could easily cross-reference data leaked in previous breaches and compile extremely accurate profiles of victims.

“This would enable highly targeted spear phishing campaigns as well as other types of attacks,” Kahol noted. “Most individuals disregard the importance of having information such as their mobile carriers exposed; however, even a detail that innocuous can be used in a phishing email to trick victims into clicking a malicious URL or opening a document that contains malware.”

Breaches from system misconfigurations have become all too common, said Brian Johnson, chief executive officer and co-founder of Divvy Cloud Corp. “The truth is, organizations are lacking the proper tools to identify and remediate insecure software configurations and deployments,” he said. “Automated cloud security solutions enable companies the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, and they can even trigger automated remediation in real time.”

Image: Mobile Drip