Voxox told TechCrunch it was "looking into the issue and following standard data breach policy at the moment". The systems behind SMS text messages has not been changed for decades, making it vulnerable to spoof messages and phishing. The leaky nature of SMS communication, which travels on phone networks and can be compromised or fooled by hackers, has led some companies, such as Facebook and Google, to offer secure apps to verify users instead. Upon learning of this incident, Twilio triggered our incident response process to examine whether or not this wholesale SMS provider, Voxox, was in use by the.
With two factor security it makes the system worse because you are lulled into a false sense of security." Mike Godfrey, chief executive at security firm Insinia Security, said: "With text messages used for two factor authetication, we all knew this was a bad idea because hackers can get access to text messages. San Francisco-based Voxox was one of those middlemen companies, converting the messages into text for delivery to users.Īpps including messaging service Viber and Kakao, used the service for verifying phone numbers, as did quiz app HQ Trivia. The leak shows the risks of text message-based communications with companies that are easier to intercept than encrypted digital messages. However, the access codes in these would typically only have worked for a few minutes after they had been sent. It was not password protected, meaning anyone could enter and access the data.Įxposed on the database were a stream of near real-time messages. The exposed server could be found by Sébastien Kaul, a Berlin-based security researcher, using a search engine for public devices and data bases named Shodan.
Voxox sms verification verification#
Password verification messages for Google accounts, Amazon delivery tracking notices, messaging apps and security codes for major financial investment companies were all included in the leak.
The files included 26 million records of text messages this year alone, according to TechCrunch. The database of text messages, used by companies to send password reset information, shipping notifications and security codes, was left exposed by communications company Voxox. Tens of millions of text messages and security codes were exposed in an online database that did not even have a password, security researchers have found.
0 kommentar(er)
