• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Microsoft Tutorials
    • Office 365
    • Windows Server 2016
    • Windows Server 2019
  • Website Tutorials
    • Marketing
    • Security
    • SEO
    • WordPress
    • WordPress Plugins
  • Linux Tutorials

365Explained.com

You are here: Home / Website Tutorials / Security / Huge leak showed millions of sensitive sms codes in database

Huge leak showed millions of sensitive sms codes in database

November 18, 2018 by oskedi01 Leave a Comment

Only using a password barred between cybercriminals and your sensitive accounts is nothing we recommend. Two-step verification has therefore sailed up as a popular complement. With this option option, the user can, for example, receive a text with a one-time code that must be entered when other login details are entered.

The procedure is much safer than just relying on passwords – but completely foolproof is not. This proved a German security scientist TechCrunch When he came across a database with 26 million sms, both password reset and two-step verification codes contain. These were originally sent from a variety of services, including Microsoft and Google Accounts.

The database, which was updated with new codes in close real-time, belonged to the US communications company Voxox. The company acts, inter alia, as a sort of intermediary that converts auto-generated codes from the online services to the sms that actually reaches the user who wants to log in. After the leak was discovered, the database was quickly closed.

The Techcrunch article shows how both the user’s phone number and recovery code are printed in plain text. The database was found through the niche search service Shodan, which is open to anyone to use. Dedicated hackers could have read and read the database in theory and then “hijack” the codes before they were used by the actual user.

Getting additional login credentials sent by sms is not the only option for two-step verification. It is becoming more common to secure their login with authentication apps like Google Authenticator, or even encrypted hardware keys that can be attached to the key ring.

 

Filed Under: Security

Previous Post: « How to Install WordPress on Vultr VPS Server
Next Post: Why Content Marketing is so Valuable »

Reader Interactions

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Recent Posts

  • How To Install CentOS 8 on Vultr with Gnome Desktop GUI
  • How To Install Windows Server 2016 X64 on Vultr Cloud Server
  • What version of WordPress do I have?
  • 10 best newsletter services for WordPress
  • Choosing Broadband for Businesses is a 3-Step Decision

Footer

th

  • Home
  • Microsoft Tutorials
    • Office 365
    • Windows Server 2016
    • Windows Server 2019
  • Website Tutorials
    • Marketing
    • Security
    • SEO
    • WordPress
    • WordPress Plugins
  • Linux Tutorials

Latest Articles

  • How To Install CentOS 8 on Vultr with Gnome Desktop GUI
  • How To Install Windows Server 2016 X64 on Vultr Cloud Server
  • What version of WordPress do I have?
  • 10 best newsletter services for WordPress
  • Choosing Broadband for Businesses is a 3-Step Decision
bluehost affiliate