Millions of Google, WhatsApp, Facebook and TikTok Security Codes Leaked on the Internet

JAKARTA – Cyber ​​security researcher, Anurag Sen , discovered a data leak of Google, WhatsApp and Facebook security codes spread across the internet. Unmitigated, the amount of leaked data reached millions.

The internal database, discovered by Sen was left unprotected without a password. That way anyone who knows the IP address of the database will be able to access it just by using a low standard web browser.

Although it is not clear regarding the ownership of the exposed database, the leaker is known to be YX International. This is an Asian company that provides SMS text message routing and other services, reported Forbes, Wednesday (6/3/2024).

Sen advises against using SMS messages for two-factor authentication codes. With a daily flow of 5 million SMS messages sent worldwide, YX International’s database is a repository of sensitive information.

“Many companies are moving their production servers to the cloud but basic authentication and encryption are not in place. “The exposed database shows that methods for storing and processing 2FA need to be more robust and secure,” Sen said.

Jake Moore, global cybersecurity advisor at ESET, said one-time passwords via SMS are a much more secure option than relying on passwords alone. But where threats are now multi-layered, accounts need the strongest multi-layered protection to stay safe.

“Passkeys, authenticator apps, and physical security keys all offer more secure protection. So, setting up security is now easier than ever. Anyone who relies solely on passwords or using SMS 2FA codes may want to reconsider their initial choice.” Jake said.

(and)