AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Of course that someone will have to be someone close to you and they also need to know your password. It is fairly easy for someone to gain access to them and make a copy that they can use to break into your account. They are as secure as a password that you write down on a piece of paper and hide. How to sign in to a 2FA-enabled Google account when you lose your phoneĪ key downside of these verification backup codes is that they are not very safe and secure.How to Increase your Online Security by Enabling Two-Step Verification. As soon as you refresh the old unused codes expire and you get a set of 10 new codes. You can also replace the codes with new codes when you need to, such as when you are almost depleting the old ones. More importantly so if you misplace them or suspect that they may be compromised. Spokespeople for Google and TikTok did not respond to requests for comment.Google allows you to deactivate these codes by deleting them. When reached by email, a Meta spokesperson did not comment. YX International would not say for how long the database was exposed. When asked by TechCrunch, the YX International representative said that the server did not store access logs, which would have determined if anyone other than Sen discovered the exposed database and its contents. A representative for YX International, who did not provide their name, responded soon after saying the company “sealed this vulnerability.” The database went offline a short time later. In the exposed database, TechCrunch found sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database. Two-factor codes and password resets, like the ones found in the exposed database, typically expire after a few minutes or once they are used.īut codes sent over SMS text messages are not as secure as stronger forms of 2FA - an app-based code generator, for example - since SMS text messages are prone to interception or exposure, or in this case, leaking from a database onto the open web. Two-factor authentication (2FA) offers greater protection against online account hijacks that rely on password theft by sending an additional code to a trusted device, such as someone’s phone. The database had monthly logs dating back to July 2023 and was growing in size by the minute. Sen told TechCrunch that the exposed database included the contents of text messages sent to users, including one-time passcodes and password reset links for some of the world’s largest tech and online companies, including Facebook and WhatsApp, Google, TikTok, and others. Sen said it was not apparent who the database belonged to, nor who to report the leak to, so Sen shared details of the exposed database with TechCrunch to help identify its owner and report the security lapse. YX International claims to send 5 million SMS text messages daily.īut the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database’s public IP address.Īnurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaking to the internet, found the database. SMS routing helps to get time-critical text messages to their proper destination across various regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services. The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services. A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts.
0 Comments
Read More
Leave a Reply. |