Massive 2FA Data Leak Sends Shockwaves Through Facebook and Google Communities
Accusations Fly as SMS Routing Service, Utilized by Tech Giants Google, Facebook, and TikTok, Faces Database Leak Allegations
Account Security Nightmare: Facebook, Google, WhatsApp, and TikTok Users at Risk Due to SMS Routing Company's Data Exposure
Millions of users find their account security compromised as a result of a text message routing company's negligence. YX International, an Asia-based tech firm handling vast volumes of SMS texts daily, stands accused of leaving internal databases unprotected, exposing private 2FA codes to the public eye. This grave mishap mirrors a full-fledged data breach, highlighting the urgent need for heightened cybersecurity measures.
Researcher Reveals Leaky Company Database
The Obscure Player Behind Big Tech's Security Woes
YX International, a lesser-known entity until now, has been entrusted with handling sensitive SMS messages, including 2FA codes and password recovery information, for major tech giants.
Security researcher Anurag Sen found that YX's database was openly accessible online to anyone who knew its public IP address.
This oversight potentially exposes users of major platforms like TikTok, Facebook, WhatsApp, and Google to the risk of having their 2FA codes and password reset links compromised by malicious actors.
Because the hosting server kept no access logs, it is difficult to determine whether anyone other than Sen accessed the data.
YX International Shores Up Vulnerability After Exposure
YX International's Security Oversight Exposes Employee Credentials
In a further blow, the compromised database also contained email and password pairs belonging to YX International employees, effectively rendering it a breach for the company itself.
A spokesperson from YX, shrouded in mystery, informed TechCrunch—the first to break the story—that the company has taken steps to "seal this vulnerability," albeit without elaborating on the specifics of the incident.
The silver lining is the ephemeral nature of two-factor authentication passcodes, which typically expire within minutes or even seconds of issuance. This means that potential attackers would have had to monitor the leaked database in real time to capitalize on the SMS firm's egregious security lapse.
Another Day, Another Security Blunder
YX International's Security Blunder Adds to Cybersecurity Concerns
While the news of YX International's significant oversight is concerning, it's unfortunately not an isolated incident in the cybersecurity realm.
Our recently published Impact of Technology in Workplace report sheds light on the alarming frequency of such mishaps, revealing that 1 in 10 business leaders remain unaware of whether their company fell victim to hacking in the past year.
These cybersecurity trends underscore the critical need for robust protective measures. A reliable and affordable VPN stands out as a crucial tool, as it can help safeguard your private data from online threats, even in the presence of vulnerabilities elsewhere.