Summary
TLDR: An unprotected database belonging to a SMS routing operator responsible for sending 2FA codes to users of Meta, Google, and possibly crypto firms was discovered. While 2FA is a security measure, it is not foolproof as hackers can still find ways to gain unauthorized access. Criminals have been using methods like SIM swaps to beat 2FA. Apple has improved security measures to combat these threats. Binance and Coinbase were contacted for comment on the data leak but had not responded.
Key Points
1. A security researcher discovered an unprotected database governing access to services from some of the world’s biggest tech companies, responsible for sending two-factor authentication codes to users of Meta, Google, and possibly crypto firms. The database was exposed without a password on the public internet, allowing anyone with the IP address to view the data.
2. YX International sends security codes to users logging into platforms belonging to Meta, Google, and TikTok, ensuring the messages are routed speedily through mobile networks globally. These security codes are part of a two-factor authentication scheme used by many large companies to protect user accounts.
3. Two-factor authentication is not foolproof, as hackers can still find ways to steal funds from crypto wallets by acquiring authentication factors through phishing attacks, account recovery procedures, malware, and intercepting text messages used in 2FA. Criminals have also used methods like bypassing 2FA on Apple devices, SIM swaps, and quantum technology advancements to beat 2FA security measures.