Major Tech Firm's Database Leak Exposes Social Media 2FA Codes

A leading tech firm that is known for routing millions of messages around the globe has just gone public about the security of one of its leaked databases that had been exposed for quite some time.

The data was rolling out 2FA codes that could give users the chance to attain their accounts on leading social media platforms. This includes Facebook and Google amongst others.

The organization based in Asia is known as YX Internation and it’s famous for rolling out quite a lot of cellular networking materials while giving rise to routing services for text messages. Routing SMS assists in getting time-crucial messages to reach the right destination around several cell networks in a certain region or by a certain provider.

It’s like a user getting security codes for logging into a certain online service if needed.

YX International mentioned how it’s ready to generate close to 5 million texts each day. However, the firm is guilty of leaving one of the biggest databases exposed online without any kind of security check like a password in place. This means anyone would have access to the information that is truly sensitive with a simple browser click. All you need is the ‘know-how’ of getting the public IP address and that’s it.

The news comes to us (via TechCrunch) thanks to one leading security expert and researcher by the name Anurag Sen who explored how the database was exposed. For now, she was not sure who it belonged to and who the reporting should be made to. Therefore, she just put out details on this front and took help from tech news outlet TechCrunch to assist in highlighting who the owner happened to be and then generate a report regarding the whole security lapse endeavor.

Speaking to TechCrunch recently, she added how much-exposed databases entailed content belonging to texts that were sent out to users. This includes OTP and reset options in the form of links to big tech giants Meta, TikTok, Google, and beyond.

Some monthly logs go as far back as July 2023 and they continue to grow with time.

2FA gives rise to more protection against online account hijacking attempts that put reliance on password theft by rolling out additional options to trusted devices. This includes the likes of another person’s phone. It tends to expire after several minutes or after being used once.
Any codes rolled out across a text are not secure to begin with as there are some stronger types of 2FA such as code generated via an app, for instance.

In this particular situation, we saw how email IDs found internally had corresponding passwords linked to YX International and they gave out alerts to the firm with the spilled database. The latter switched to offline in a short while. Meanwhile, one rep for the company added that any exposed vulnerability was now sealed so there was no need to worry.

Leading tech company YX International faces scrutiny after leaked database exposes 2FA security codes for social media.
Image: DIW-Aigen

Read next: Google Chrome Makes New Changes To Better Search Suggestions Within The Browser
Previous Post Next Post