SMS for Two-Factor Authentication is a problem
A massive database containing information on millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes, according to TechCrunch.
The unsecured server was discovered on Shodan, a search engine for publicly available (unsecured) devices and databases. The database appeared to contain more than 26 million text messages, each record containing the message text and tagged with the recipient’s cell phone number.
A text-message gateway biz called Voxox reportedly left vital systems open on the internet, allowing anyone to inspect them in real time and glean sensitive information being sent out to the intended recipients.
Voxox is used by companies to send SMS messages to their users, including messages containing password reset and two-factor authentication (2FA) codes. Germany-based infosec bod Sébastien Kaul found the leaky systems via a Shodan.io search, and the Amazon-hosted database of messages was searchable for goodies, TechCrunch reports.
The data store, which at one point had 26 million messages in it, has by all indications since been hidden from public view.