Zack WhittakerFeb 29, 2024

New, by me: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts.

The SMS routing company's database was connected to the internet with no password.

More: https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

A leaky database spilled 2FA codes for the world's tech giants | TechCrunch

An SMS routing company's exposed database was left online without a password, spilling 2FA codes and password reset links to the open web.

TechCrunch
Show threadlick here for more info

@zackwhittaker so much "you had one job" it hurts.

And plenty of services use SMS codes as the only factor (which is already stupid, but this just brings it to the next level)

Mar 1, 2024 at 12:24amWeb