Voxox Database Containing Around 26 Million SMS Entries Exposed 2FA, Reset Codes

Voxox, a VOIP and cloud communication provider of wholesale SMS and voice services, exposed a massive database of tens of millions of text messages containing a wide range of highly sensitive info such as plaintext passwords, 2FA codes, password reset codes, phone numbers, and verification codes.

The database exposed to public access was stored on an unprotected server found by security researcher S├ębastien Kaul with the help of the Shodan Internet-connected device search engine.

Moreover, as first reported by TechCrunch's Zack Whittaker, the text message database found by Kaul on the open Internet provided anyone who accessed it with an almost real-time view of all the information going through Voxox's SMS gateway.

As discovered by Kaul, the server was running an Amazon Elasticsearch managed service used for deploying a distributed data search and analytics engine.

No comments:

Post a Comment