A technology company that provides cellular equipment and SMS routing services has said that it has secured a database containing one-time security codes used by millions for accessing popular platforms like TikTok. These codes, vital for two-factor authentication, were potentially exposed, raising concerns about user security.
While the company, YX International, did not say for how long the database was exposed, it is certainly a call for people to change their passwords to protect their accounts from any hacking attempts.
As per a report by TechCrunch, Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaked on the internet, found the database.
What is SMS routing
SMS routing is a process that helps users get time-critical text messages, like OTPs and codes, across various regional cell networks and providers. YX International claims to send 5 million SMS text messages daily.
Reportedly, it left one of its internal databases exposed, allowing anyone online to access the sensitive data. Anyone who knew the database’s public IP address could reach it with nothing more than a web browser. The database had monthly logs dating back to July 2023, the report said.
How this is ‘dangerous’
The database has two-factor authentication (2FA) codes that are used as a shield against online account hijacks. If a password is hacked, the code serves as protection because it is sent to the account owner’s registered device, informing them that their account has been accessed. These codes expire after a few minutes or once they are used.
But codes sent over SMS text messages are not as secure as stronger forms of 2FA — an app-based code generator, for example — since SMS text messages are prone to interception or exposure, or in this case, leaking from a database onto the open web.
The publication says that the exposed database included internal email addresses and corresponding passwords associated with YX International. The database went offline a short time later, the report said.