Privacy-focused social network True leaves user data exposed online

security
(Image credit: Shutterstock / binarydesign)

Privacy-focused social network True has suffered a serious data breach after a server containing private user data was left exposed online.

Launched in 2017, the company is founded on a commitment to user privacy and promises never to sell or share user data, but a security snafu appears to have seen its pledge broken.

According to security firm SpiderSilk, a configuration error meant that anyone could read and browse the database, which was not protected by a password nor any form of encryption.

The server is said to have contained information such as user email addresses, phone numbers, private messages and location data, but also account access tokens that could be used to hijack user accounts.

True data breach

A number of tests conducted by SpiderSilk showed that the data exposed online could be used to seize control of accounts and post messages to the victim’s feed, but also that True’s data retention claims may not hold water.

According to the social network, deleting an account “will immediately remove all of your content from our servers”, but a test conducted in conjunction with TechCrunch revealed that this was not the case.

Data attached to a dummy account - including private messages, posts and photos - was still accessible via the exposed database after deletion.

Mossab Hussein, CSO at SpiderSilk, was inclined to give the company the benefit of the doubt; security mishaps and data retention errors of this kind are commonplace - and often inadvertent. 

“This is another example of how mistakes can happen at any organization, even those that are privacy centric,” he said.

“It highlights the importance of not only building secure applications and websites, but also ensuring that proper data security measures are embedded within their internal procedures.”

True CEO Bret Cox has since acknowledged the incident and the offending server has been taken down, but the firm has not yet published an official statement.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
A business woman looking at AI on a transparent screen
Most businesses are now fully embracing AI - but aren't always protected against the risks
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
All three rumored Samsung Galaxy S25 Edge colors shown off in ‘official’ images
Cristiano Ronaldo promotional image for Fatal Fury: City of the Wolves
Yes, Cristiano Ronaldo is a playable character in Fatal Fury: City of the Wolves, and it makes more sense than you think
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris