A Company’s 2FA Database Was Leaked

One of the methods we prefer to ensure our security online is “two-factor authentication”, also known as “2FA“. Today, 2FA technologies are implemented in the world’s largest social network providers such as Google, Meta and TikTok, as well as cryptocurrency exchanges such as Binance. While some companies introduce their own systems, others from third party businesses is getting help. Now, a very important development has occurred regarding this.

Offering 2FA service via SMS in many countries YX International A company named fell victim to an unprecedented security vulnerability. It sends more than 5 million SMS per day and enables users to perform two-factor authentication. enabling it to complete It was determined that the company left one of its databases unencrypted. According to the investigations, this database includes information sent when users enter Google, Meta and TikTok. one-time access code and contained password reset links.

YX International announced that the security vulnerability has been closed

After the database emerged, YX International was contacted. In the statements made, there was no information about how long the leaked database had been unencrypted. no information given. However, the files examined started as of July 2023. So the encryption problem most likely started at that time. A representative from YX International stated that necessary action was taken on the incident and The security vulnerability has been closed explained.

What happened to YX International? how many users It is not clear if his security was breached. The only thing known here is that the codes and password reset links sent to users trying to log in to platforms such as TikTok, Instagram, Facebook and YouTube. to have been revealed. Issues such as whether hackers have detected this vulnerability before and whether they exploited it remain a mystery for now.