These apps are completely self-contained, meaning no sensitive data needs to be sent to them, and this also creates the secondary benefit of allowing them to work when your phone doesn’t have an active cell connection.
#Voxox sms verification code
Instead, using an authentication app such as Google Authenticator or 1Password (with it’s built-in 2FA code generator) is much more convenient and secure. While it’s common for websites and services to text you this number (meaning only someone with access to your phone can log in), a breach such as this (or the increasingly common SIM hijacking) would allow a hacker to see the code being sent to your phone, and use it to login to your account. Even if someone has your username and password, they won’t be able to log in without this second code. Two-factor authentication is one of the best ways you can protect your accounts against being hijacked. Only after being contacted by TechCrunch did Voxox take down the database, which contained text messages sent to customers from companies including Google, Amazon, and Microsoft.Īpps like Google Authenticator or 1Password are much more convenient and secure Since the server was still active after the breach was discovered, anyone could have monitored a near-real-time data stream to find the relevant two-factor authentication code sent after trying to log into someone else’s account. The breach was brought to light by a Berlin-based security researcher named Sébastien Kaul, who discovered that the Voxox-managed database was discoverable, unprotected, and easily searchable for both names and telephone numbers. In addition to the privacy concerns, the breach also highlights the dangers of relying on SMS messages for receiving two-factor authentication codes or account reset links, which sees sensitive information sent over an unencrypted communications platform. A recent data breach has exposed a database of around 26 million text messages containing private customer information, reports TechCrunch.