SMS breach reveals millions of personal details2018-11-19 15:12 by Daniela
A massive data breach has exposed tens of millions of SMS text messages. The breach involved a database of 26 million text messages, some of which included private customer data like password reset information, shipping notifications and two-factor authentication (2FA) codes.
The issue has been noticed by a security researcher out of Berlin named Sebastien Kaul. Using Shodan, a database search engine, Kaul found the database with the messages on a server belonging to Voxox, a communications company based in San Diego. The server wasn't protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.
Among the data were two-factor authentication (2FA) messages allowing Booking.com partners to log into their company's extranet network, a password sent in plaintext to a Los Angeles phone number by dating app Badoo, and Huawei ID and Microsoft account password reset codes. There were also messages from Yahoo account keys, and user verification from other apps like KakaoTalk, Viber, and online quiz app HQ Trivia.
Using 2FA is generally regarded as a superior way of securing an account than using a password alone, but even adding that extra layer of security comes with its own unique risks.
Read more -here-