A server belonging to Voxox (formerly Telcentris) in San Diego was exposed because the server wasn’t protected with a password. Security researcher Sébastien Kaul discovered that it was an SMS text database containing “tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.”
Each record was meticulously tagged and detailed, including the recipient’s cell phone number, the message, the Voxox customer who sent the message and the shortcode they used.
If you’re dumb or negligent enough to not secure a password containing other peoples’ sensitive data, you should not be in whatever industry you’re in. I hope Senator Ron Wyden’s bill gets passed.