
A massive security breach: Millions of 2FA codes leaked

A database leak at YX International compromised millions of 2FA codes from major tech firms.

YX International, an Asian tech giant known for its extensive SMS routing services, inadvertently exposed a database containing millions of sensitive text messages. The breach, discovered by security researcher Anurag Sen, compromised two-factor authentication (2FA) codes belonging to several major technology companies, including Meta, Google, and TikTok.

How the breach happened

Imagine a scenario where a database, filled with critical information, is left unguarded on the internet. That’s precisely what happened with YX International. Their internal database, which robust security measures should have shielded, was left open without password protection. This oversight meant anyone with knowledge of the database’s public IP address could access this sensitive data through a web browser.

YX International, a firm boasting the dispatch of 5 million SMS texts daily, failed to secure this database, resulting in a serious security lapse. The database logs, dating back to July 2023, contained one-time passcodes and password reset links for users of some of the world’s most prominent tech firms.

The implications of the leak

You might be wondering how severe this breach is. Two-factor authentication is a widely adopted security measure that sends an additional code to a trusted device, like your phone, to prevent account hijacks. However, the codes found in the leaked database, which are meant to expire after a few minutes or once used, pose a significant risk. SMS-based 2FA, although convenient, is not as secure as other forms such as app-based code generators. This incident highlights the vulnerability of relying on SMS for critical security functions.

When TechCrunch, the news outlet Sen contacted, delved into the exposed database, it found 2FA codes as well as internal email addresses and passwords associated with YX International. The breach was reported to the company, and the database was taken offline shortly afterwards. However, YX International could not confirm how long the database had been exposed or whether any malicious parties had accessed the sensitive data.

Tech giants’ response to the breach

Following this discovery, TechCrunch reached out to the affected companies for comments. While a Meta spokesperson chose not to comment, representatives from Google and TikTok did not respond to the requests. YX International acknowledged the vulnerability and claimed to have “sealed” it, yet they could not provide logs to ascertain if others had accessed the data.

This incident is a stark reminder of the fragility of digital security and the importance of robust data protection measures. It highlights the need for continuous vigilance and improvement in cybersecurity protocols for large corporations and all who rely on digital platforms for their daily operations.
