A significant cybersecurity incident has unfolded as an exposed database belonging to YX International, a technology company handling SMS text message routing, was discovered leaking two-factor authentication (2FA) codes. Anurag Sen, a security researcher, uncovered the vulnerable database, containing sensitive information, including one-time passcodes and password reset links for major tech companies like Facebook, Google, and TikTok. The exposure raises concerns about potential unauthorized access to user accounts and highlights the vulnerability of 2FA codes sent via SMS, which are less secure compared to other forms of 2FA.
TechCrunch, informed by Sen, found internal email addresses and passwords associated with YX International within the exposed database. The lapse, dating back to July 2023 and actively growing, underscores the urgency of addressing such vulnerabilities promptly. YX International responded to the report, stating they had sealed the vulnerability, but crucial details, such as the duration of the exposure, remain undisclosed. The incident emphasizes the importance of robust cybersecurity measures, especially when handling sensitive information crucial to online account security.