Massive database breach leaves millions of text messages exposed

Doris Richards
November 19, 2018

The server itself belongs to the communications company Voxox (formerly Telcentris) which failed to secure it and the data it holds with a password.

Tens of millions of SMS text messages automatically sent from companies have been exposed by a security lapse.

SMS has been around forever, and that means that many of us have it set up for all kinds of things, with hospital appointment reminders, two-factor authentication codes, and more sent in text form to a user's phone.

That's what Sébastien Kaul, a Berlin-based security researcher, discovered on a Voxox server, TechCrunch reports. It was also attached to one of Voxox's own subdomains. However, before it was, the database had over 26m text messages year-to-date but this number could actually be higher due to how many messages the platform processed per minute. The findings revealed that the database included text messages sent to customers with passwords for several apps, two-factor codes for Google accounts in Latin America, links with Amazon's delivery package tracker, verification links for Viber, KakaoTalk and other messaging services, Huawei ID codes, Microsoft verifications codes among other information.

Mike Godfrey, chief executive at security firm Insinia Security, said: "With text messages used for two factor authetication, we all knew this was a bad idea because hackers can get access to text messages".

The firm took the database down after TechCrunch contacted it. Voxox's co-founder, Kevin Hertz, said in an email that the company is looking into the issue and evaluating the impact of the incident.

Other reports by Iphone Fresh

Discuss This Article