A SMS Database leak exposes millions of two-factor codes and reset links

posted in: General, News | 0

The leaky database, which belonged to Voxox, is a service that claims to process billions of calls and text messages monthly. TechCrunch said that Berlin-based researcher SĂ©bastien Kaul used the Shodan search engine for publicly available devices and databases to find the messages. The database stored texts that were sent through a gateway Voxox provided to businesses that wanted an automated way to send data for password resets and other types of account management by SMS.

TechCrunch counted more than 26 million messages sent since the beginning of the year, but based on the volume of messages the publication saw passing through the platform per minute, the actual number may be higher. The database ran on Amazon’s Elasticsearch and was configured with a Kibana front-end to make the phone numbers, names, and other contents easy to browse and search. For more information, please visit Techcrunch.