An anonymous reader cites a TechCrunch report. A tech company that routes millions of SMS text messages around the world leaked a public database of one-time security codes that could have given users access to their Facebook, Google and TikTok accounts. has been secured. YX International, an Asian technology and internet company, manufactures mobile phone network equipment and provides SMS text message routing services. SMS Routing helps users get time-critical text messages, such as receiving SMS security codes or links to log into online services, to the right destination across different regional cell networks and providers. YX International claims to send 5 million SMS text messages every day. However, the technology company left one of its internal databases exposed to the Internet without a password, allowing anyone who knew the database's public IP address to access sensitive internal data using only a web browser. I was able to do it.
Anurag Sen, a bona fide security researcher and expert in finding sensitive but accidentally published datasets leaked onto the internet, discovered this database. Sen shared details of the leaked database with TechCrunch to help identify the owner and report security flaws, as it was not clear who the database belonged to or who to report the breach to. said. Sen told TechCrunch that the published database includes the content of text messages sent to users, including data from some of the world's largest tech and online companies, including Facebook, WhatsApp, Google, and TikTok. It said it contained a one-time passcode and a password reset link. In the database, he had monthly logs going back to July 2023, and the size was increasing by the minute. TechCrunch discovered a series of internal email addresses and corresponding passwords associated with YX International in the leaked database and alerted the company to the database breach. The database went offline after a while.