YX International, which is responsible for forwarding millions of SMS messages every day, left its internal database open on the internet. This meant that anyone with the database’s IP address could access sensitive information, including one-time login codes for major platforms such as Google and TikTok.
The flaw in the system was discovered by security researcher Anurag Sen. The presence of messages in the database over several months has raised concerns about the potential number of users who could be affected.
Although 2FA adds a layer of security by requiring a code to be sent to the user’s phone, using only SMS messages as a delivery method has its limitations. SMS messages can be intercepted, but in this case the codes themselves were in an unprotected database.
The company quickly patched the vulnerability, but it remains unclear how long the database was available or whether anyone else had access to sensitive information.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
