Photo: Westend61 via Getty Images
A database containing millions of text messages used to authenticate users signing into websites was left exposed to the internet without a password, TechCrunch's Zack Whittaker reports.
Why it matters: What was at risk here were those text messages a bank might send customers after they entered a passwords, password reset links and other automated text messages sent by businesses. While there's no evidence that a malicious actor was monitoring the database, it was dangerous information to have exposed.
Details: The database belonged to the automated text message service Voxox. Per the report:
- The database was discovered by security researcher Sébastien Kaul and remained online until Whittaker contacted Voxox.
- The text messages included security codes sent by Fidelity Investments, Booking.com and Google.
- Voxox had sent more than 26 million text messages to date this year.
But, but, but: Remember, these codes typically only remain active for a few minutes. So while the danger would be very real, only text messages that were being monitored as they were added to the database would put anyone's account at risk.