A massive database managing millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes.
Vovox, a San Diego-based communications company maintained the server, which was left unprotected by password, offering anyone knowing where to look a real-time glimpse at a steady stream of text messages, TechCrunch reported Thursday. The unsecured server was discovered on Shodan, a search engine for publicly available devices and databases, TechCrunch reported.
The database appeared to contain more than 26 million text messages, each containing the message and tagged with the recipient’s cell phone number, TechCrunch reported. Among the information reportedly discovered were security codes sent by Fidelity Investments, a temporary banking password sent by a Silicon Valley credit union and an Amazon tracking notification with UPS tracking information.
Two-factor authentication is one of the easiest ways to prevent hackers from hijacking your accounts, stopping unauthorized people from accessing accounts, even if they know the user’s password. Users of two-factor authentication rely on an SMS version of it, where a PIN code is texted to their phones.
Vovox didn’t immediately respond to a request for comment but reportedly pulled the database off line after TechCrunch raised questions about its security.
CNET’s Holiday Gift Guide: The place to find the best tech gifts for 2018.
Best Black Friday 2018 deals: The best discounts we’ve found so far.