2FA codes: exposed database puts millions of users at risk


The Asian company YX International has committed an act of negligence that could cost millions of users very dearly.

The company, which among other things manages the distribution of SMS messages throughout the world, did not adequately protect a database used for managing single-use codes sent by message. The data contained in the archive was, in fact, freely accessible to anyone.

Considering that YX International manages the 2FA systems of technology giants such as Facebook, TikTok, WhatsApp and Google, it is easy to understand how such inattention can have disastrous results. To understand how important this company is in its sector, just consider that it is said to handle as many as 5 million SMS messages every day.

The sensational discovery is thanks to Anurag Sen, the security researcher who uncovered the carelessness of YX International, which had not protected the database with a password or any other form of protection.

2FA codes and more: this is what the exposed database contained

The researcher who discovered the unprotected database, not knowing exactly what it was, contacted the site TechCrunch to identify its owner, and did not make the flaw public before the case had been analyzed.

It immediately became clear, however, how serious the situation was. The database contains text messages sent to users, including single-use access codes and password reset links for some of the largest online platforms and services. The archive included messages stored from July 2023 onward.

All this is quite serious, not least because two-factor authentication is considered one of the safest techniques for protecting online accounts.

TechCrunch then found that the SMS messages were not the only valuable data present in the database. Apparently, it also included passwords and email addresses. YX International did not disclose how long the database was exposed.

