2FA codes are great for security, except when 26M of them are leaked

Just when you thought two-factor authentication was enough to secure your online accounts, a troubling discovery shows how this system can be comprised, thanks to human error. TechCrunch reports that a database of text messages containing more than 26 million 2FA codes, password reset links, and delivery tracking details was left out in the open – and its recipients may have been compromised. Security researcher Sébastien Kaul Kaul discovered the database – owned by a telephony firm called Voxox – on Shodan, a search engine for public databases. It was also attached to Voxox’s subdomain with an easily searchable frontend.…

This story continues at The Next Web

from The Next Web https://ift.tt/2Dqb58N