Monday, 28 April 2025

A massive security breach: Millions of 2FA codes leaked

A significant security breach: a database leak at YX International compromised millions of 2FA codes from major tech firms.

YX International, an Asian tech giant known for its extensive SMS routing services, inadvertently exposed a database containing millions of sensitive text messages. This breach, discovered by security researcher Anurag Sen, compromised the integrity of two-factor authentication (2FA) codes belonging to several major technology companies, including Facebook, Google, and TikTok.

How the breach happened

Imagine a scenario where a database, filled with critical information, is left unguarded on the internet. That’s precisely what happened with YX International. Their internal database, which should have been shielded by robust security measures, was left open without password protection. This oversight meant anyone with knowledge of the database’s public IP address could access this sensitive data through a web browser.

YX International, a firm boasting the dispatch of 5 million SMS texts daily, failed to secure this database, resulting in a serious security lapse. The database logs, dating back to July 2023, contained one-time passcodes and password reset links for users of some of the world’s most prominent tech firms.

The implications of the leak

You might be wondering how severe this breach is. Two-factor authentication is a widely adopted security measure that sends an additional code to a trusted device, like your phone, to prevent account hijacks. The codes found in the leaked database are meant to expire after a few minutes or once used, but they still pose a significant risk. SMS-based 2FA, although convenient, is not as secure as other forms such as app-based code generators. This incident highlights the vulnerability of relying on SMS for critical security functions.

When TechCrunch, the news outlet Sen contacted, examined the exposed database, it found the 2FA codes as well as internal email addresses and passwords associated with YX International. The breach was reported to the company, and the database went offline shortly afterwards. However, YX International could not confirm how long the database had been exposed or whether any malicious parties had accessed the sensitive data.

Tech giants’ response to the breach

Following this discovery, TechCrunch reached out to the affected companies for comments. While a Meta spokesperson chose not to comment, representatives from Google and TikTok did not respond to the requests. YX International acknowledged the vulnerability and claimed to have “sealed” it, yet they could not provide logs to ascertain if others had accessed the data.

This incident is a stark reminder of the fragility of digital security and the importance of robust data protection measures. It highlights the need for continuous vigilance and improvement in cybersecurity protocols for large corporations and all who rely on digital platforms for their daily operations.
