The company locked down the database on November 29th, a day after vpnMentor got in touch. It’s not clear how long the database was left exposed, however, or whether there was any unauthorized access. We’ve asked TrueDialog for comment.

The exposed messages aren’t going to include private conversations, but they still pose a risk. If malicious intruders accessed the database, they could have used some of the information for phishing scams and fraud. For businesses, the exposure was at least as bad — it could have let attackers hijack accounts, learn about confidential activity and even steal sales leads. This may have also given unscrupulous competitors insight into how TrueDialog works.