AQUARELLA MOERBEKE WAAS CODE
Only after being contacted by TechCrunch did Voxox take down the database, which contained text messages sent to customers from companies including Google, Amazon, and Microsoft.ĪPPS LIKE GOOGLE AUTHENTICATOR OR 1PASSWORD ARE MUCH MORE CONVENIENT AND SECURE Since the server was still active after the breach was discovered, anyone could have monitored a near-real-time data stream to find the relevant two-factor authentication code sent after trying to log into someone else’s account. Two-factor authentication is one of the best ways you can protect your accounts against being hijacked. Even if someone has your username and password, they won’t be able to log in without this second code. While it’s common for websites and services to text you this number (meaning only someone with access to your phone can log in), a breach such as this (or the increasingly common SIM hijacking) would allow a hacker to see the code being sent to your phone, and use it to login to your account. Instead, using an authentication app such as Google Authenticator or 1Password (with it’s built-in 2FA code generator) is much more convenient and secure. These apps are completely self-contained, meaning no sensitive data needs to be sent to them, and this also creates the secondary benefit of allowing them to work when your phone doesn’t have an active cell connection. Increasingly, hardware keys are also proving popular, with Google reporting that it has seen no successful phishing attacks since making hardware security keys mandatory for its employees. Unfortunately in some cases you’ll still need to rely on SMS as a security backup, but this should only be used as a last resort to minimize your exposure to breaches such as this.A security error caused a huge database to be compromised.
AQUARELLA MOERBEKE WAAS PASSWORD
The tens of millions of text messages in the database contained password reset links, two-factor authentication codes, and express notifications. The problematic server belongs to Voxox (formerly Telcentris ), a communications company based in San Diego, California. The server is not password protected, and anyone who knows where to peek can see near real-time SMS traffic.Īs for the safety researcher in Berlin, Sébastien Kaul, he did not take long to find it.Īlthough Kaul found this unobstructed server on Shodan (a search engine for publicly available devices and databases), Voxox's own second-level domain name also points to it. To make matters worse, this database running on Amazon Elasticsearch is also equipped with a Kibana front end that makes the data easy to read, browse, and retrieve by name, mobile number, and text message content.
AQUARELLA MOERBEKE WAAS VERIFICATION
Several partners at sent a six-digit two-factor authentication code via SMS for access to the company's outreach network įidelity Investment Group also sent a six-digit security verification code to a number belonging to the Chicago Loop area We found that dating app Badoo sent a password to a mobile phone number in Los Angeles with a clear text message When we receive a text message from a company, whether it's Amazon's express notification or the two-factor authentication code for the service, most people won't think about what's going on behind the scenes. Typically, application developers like HQ Trivia and Viber use technologies from companies such as Telesign and Nexmo , either to authenticate a user's mobile number or to send a two-factor authentication code. However, in which it acts as a gateway and is responsible for that code into a text message sent to the user's mobile phone over a cellular network but Voxox such companies.Īfter TechCrunch sent an inquiry, Voxox took the database offline. On shutdown, the database appears to have more than 26 million text messages since the beginning of the year. However, we can see the number of text messages processed per minute by the platform from the visual front end of the database, which indicates that the actual number may be higher.Įach record is carefully tagged and has detailed information, including the recipient's mobile number, the content of the message, the Voxox customer who sent the message, and the short code they used.īy a cursory review of the data, we found that:
0 kommentar(er)
