Text message database reportedly leaked password resets | Cyber Security

A massive managing millions of messages was discovered unsecured, exposing sensitive information such as password and two-factor codes.

Vovox, a San Diego-based communications company maintained the server, which was left unprotected by password, offering anyone knowing where to look a real-time glimpse at a steady stream of text messages, Tech reported Thursday. The unsecured server was discovered on Shodan, a search engine for publicly available devices and databases, Tech reported.

The database appeared to contain more than 26 text messages, each containing the message and tagged with the recipient’s cell phone number, Tech reported. Among the information reportedly discovered were security codes sent by Fidelity Investments, a temporary banking password sent by a Silicon Valley credit union and an Amazon tracking notification with UPS tracking information.

Two-factor authentication is one of the easiest ways to prevent from hijacking your accounts, stopping unauthorized people from accessing accounts, even if they know the user’s password. Users of two-factor authentication rely on an SMS version of it, where a PIN code is texted to their phones.

Vovox didn’t immediately respond to a request for comment but reportedly pulled the database off line after Tech raised questions about its security.

You might also like More from author

Comments are closed.