A security breach exposed two-factor authentication (2FA) codes/password reset links for millions of users on platforms like Facebook, Google, and TikTok.

Key Points:

  • YX International, an SMS routing company, left an internal database exposed online without a password.
  • The database contained one-time 2FA codes and password reset links for various tech giants.
  • YX International secured the database and claims to have “sealed the vulnerability.”
  • The company wouldn’t confirm how long the database was exposed or if anyone else accessed it.
  • Representatives from Meta, Google, and TikTok haven’t commented yet.

Concerns:

  • This leak highlights the vulnerabilities of SMS-based 2FA compared to app-based methods.
  • The lack of information regarding the leak’s duration and potential access by others raises concerns.

Gemini Recommendations:

  • Consider switching to app-based 2FA for increased security.
  • Be cautious of suspicious communications and avoid clicking unknown links.
  • Stay informed about potential security breaches affecting your online accounts.
  • Dr. Wesker@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    It’s a great recommendation to use app-based 2FA, except that lots of services seem to insist on and only offer SMS OTP.

    For instance out of all the financial establishments I do business with, only one offers the option. The big name players don’t, it’s only some tiny little mom & pop CU that does.

    It’s very much a business adoption issue.

    • Poggervania@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      11 months ago

      Not sure if you do business with them, but Charles Schwab does have a app-based MFA option - although that’s limited to Symantec’s own TOTP MFA.

      • wrekone@lemmyf.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        A lot of sites say they only support one specific MFA app. But in my experience, any MFA app that can read the QR code will work.

  • _number8_@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    11 months ago

    oh so even this bullshit that’s 20 times more annoying isn’t secure? good good