Home
Data Security

Massive Database of Google, Facebook, and WhatsApp 2FA Codes Leaked

A vast volume of 2FA security codes were leaked from an unsecured database, exposing Google, Facebook, and WhatsApp accounts. Find out how this leak occurred and about its implications for users.

Anuj Mudaliar Anuj Mudaliar Assistant Editor - Tech, SWZD
March 6, 2024
2FA Data Breach
  • Security researchers have found an unsecured database on the internet containing millions of two-factor authentication codes that compromised Google, Facebook, and WhatsApp accounts.
  • The compromised database belonged to a company that provided SMS text message routing services and accounted for up to 5 million SMS messages daily.

Millions of Google, Facebook, TikTok, and WhatsApp users had the security of their accounts compromised following the leak of an unsecured database that contained private two-factor authentication 2FA security codes. The incident is considered the same severity as a complete data breach.

The error was attributed to YX International, an Asia-based technology company responsible for routing SMS text messages and producing cellular networking equipment. The company claims to process up to five million SMS messages daily. The firm left the entire data open to public access without even a password for protection.

See More: SubdoMailing Exposé: Massive Domain Hijacking Campaign Used for Ad Fraud, Malvertising, Phishing Emails

The database was detected by a cybersecurity researcher using just the IP address of the database using a standard web browser. YX International secured the database soon after being contacted about the issue. Whether the information in the database was already exploited is yet to be clear.

The database included data such as 2FA codes and password reset links. The incident highlights the importance of best practices in securing and processing two-factor authentication. It also pushes the adoption of newer security measures such as authentication apps, passkeys, and physical keys. The threat is considerable, with the growing number of companies seeking to move their servers to the cloud without adequate encryption and authentication measures.

Does your organization use two-factor authentication? Let us know your thoughts on LinkedInOpens a new window , XOpens a new window , or FacebookOpens a new window . We’d love to hear from you!

Image source: Shutterstock

LATEST NEWS STORIES

Customer Data Management Data Security
Anuj Mudaliar
Anuj Mudaliar

Assistant Editor - Tech, SWZD

opens a new window opens a new window
opens a new window opens a new window
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.
Take me to Community
Do you still have questions? Head over to the Spiceworks Community to find answers.

Recommended Reads

TikTok One Step Closer To Getting Banned in the US After Senate Passes Bill
Data Security

TikTok One Step Closer To Getting Banned in the US After Senate Passes Bill

Steer Clear of the Iceberg: Navigating the Waters of New SEC Cyber Regulations 
Data Security

Steer Clear of the Iceberg: Navigating the Waters of New SEC Cyber Regulations 

Safeguarding Consumer Data in a Rapidly Evolving Connected Car Industry
IoT

Safeguarding Consumer Data in a Rapidly Evolving Connected Car Industry

From Vulnerable to Invincible: Leveraging Tokenization To Protect PII
Data Security

From Vulnerable to Invincible: Leveraging Tokenization To Protect PII

Navigating the Threat of QR Codes as a Gateway to Data Theft
Endpoint Security

Navigating the Threat of QR Codes as a Gateway to Data Theft

Netherlands Government Might Stop Facebook Usage Over Privacy Risks
Data Security

Netherlands Government Might Stop Facebook Usage Over Privacy Risks