Skip to main content

Major SMS leak exposed millions of messages

(Image credit: Image Credit: Melina Sampaio Manfrinatti / Flickr)

A huge database with user names, smartphone numbers, SMS messages and even two-factor authentication codes has been exposed, putting personal details at risk.

Sébastien Kaul, a Berlin-based security researcher, used Shodan, a search engine for publicly available devices and databases to uncover the server, and the database, which belongs to Voxox, a San Diego based communications company. 

Voxox is the gateway between companies that send out messages that verify phone numbers or send two-factor authentication codes, and the end recipients.

As a gateway, they’re the ones that convert information sent out by companies into actual text and numbers.

The database is now pulled offline, but at the moment it was uncovered, it had more than 26 million entries. TechCrunch says data like Badoo passwords, Booking two-factor codes, Google two-factor codes, shipping notification texts, phone number verifications, were all easily found in the database.

“Yeah, this is very bad,” said Dylan Katz, a security researcher, who reviewed some of the findings. “My real concern here is the potential that this has already been abused,” said Katz. “This is different from most breaches, due to the fact the data is temporary, so once it’s offline any data stolen isn’t very useful.”

Voxox co-founder and chief technology officer, Kevin Hertz, said in the company is “looking into the issue and following standard data breach policy at the moment.”

Image Credit: Melina Sampaio Manfrinatti / Flickr