[ad_1]
While the company, YX International, did not say for how long the database was exposed, it is certainly a call for people to change their passwords to protect their accounts from any hacking attempts.As per a report by TechCrunch, Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaked on the internet, found the database.
What is SMS routing
SMS routing is a process that helps users get time-critical text messages, like OTPs and codes, across various regional cell networks and providers. YX International claims to send 5 million SMS text messages daily.
Reportedly, it left one of its internal databases exposed, allowing anyone online to access the sensitive data. One could use a web browser with knowledge of the database’s public IP address. The database had monthly logs dating back to July 2023, the report said.
How this is ‘dangerous’
The database has two-factor authentication (2FA) codes that are used as a shield against online account hijacks. In case a password is hacked, the code serves as a protection as it is sent to the account owner’s registered device, informing them that their account has been accessed. These codes expire after a few minutes or once they are used.
But codes sent over SMS text messages are not as secure as stronger forms of 2FA — an app-based code generator, for example — since SMS text messages are prone to interception or exposure, or in this case, leaking from a database onto the open web.
The publication says that the exposed database included internal email addresses and corresponding passwords associated with YX International. The database went offline a short time later, the report said.
[ad_2]
Source link