.png "blank Coverage")
A technology company facilitating the transmission of millions of SMS text messages globally recently grappled with a critical security oversight: an exposed database potentially compromising users' access to platforms like Facebook, Google, and TikTok. YX International, an Asian tech and internet firm specializing in cellular networking equipment and SMS routing services, inadvertently left one of its internal databases unprotected on the internet, accessible to anyone with knowledge of its public IP address.
Responsible for handling approximately 5 million SMS text messages daily, YX International's exposed database contained sensitive information, including one-time security codes and password reset links. Anurag Sen, a diligent security researcher, discovered the database and promptly reported the breach to TechCrunch. The database harbored monthly logs dating back to July 2023 and continued to accumulate data at an alarming rate.
Among the exposed data were two-factor authentication (2FA) codes and password reset links, critical components in safeguarding online accounts against unauthorized access. While 2FA via SMS offers an additional layer of security, it's not as robust as app-based authentication methods and is susceptible to interception or leakage, as demonstrated by this incident.
In addition to user data, TechCrunch uncovered internal email addresses and passwords associated with YX International within the exposed database. Upon notification, YX International promptly addressed the vulnerability, taking the database offline to prevent further exposure. However, the company declined to disclose the duration of the exposure or whether unauthorized parties accessed the data.
When questioned about the incident, representatives from Meta, Google, and TikTok refrained from providing comments, highlighting the broader implications of data security lapses in today's interconnected digital landscape. This episode underscores the pressing need for robust cybersecurity measures and proactive risk mitigation strategies, particularly among entities entrusted with handling sensitive user information.
 |
| In addition to user data, TechCrunch uncovered internal email addresses and passwords associated with YX International within the exposed database |