US telecom security incident exposes password resets and two-factor codes

Monday 19 November 2018 10:20 CET | News

Voxox, a US-based communications company, has exposed tens of millions of text messages, including password reset links, two-factor codes and shipping notifications in a security incident.

The exposed server wasn’t protected with a password, allowing anyone who knew where to look to access a near-real-time stream of text messages, according to TechCrunch. Usually when an online shopper receives a text message from an ecommerce company with a notification or a two-factor code for user’s login, it is companies such as Voxox that act as a gateway and convert those codes into text messages.

After an inquiry by TechCrunch, Voxox pulled the database offline. At the time of its closure, the database appeared to have a little over 26 million text messages year-to-date, the online publication continued.

Nevertheless, after a quick review of the exposed data, TechCrunch found some confidential information from companies such as, Fidelity Investments, Amazon, and Microsoft that could be exploited by bad actors to gain benefits.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Voxox, online security, fraud prevention, exposed data, US
Countries: World