Latest SMS breach could allow hackers access to your online accounts

how to send a text from your email account
kantver/123RF

More than 26 million text messages may have been breached as a result of an unsecured database operated by telecommunications company Vovox. Cybersecurity researcher Sebastien Kaul discovered that the unsecured database was not even password protected, and information contained within those messages include passwords in plain text, two-factor authentication codes, account security codes, tracking information for package shipments, account reset codes, and even medical appointment reminders. Notably, these messages include communications from banks, medical institutions and hospitals, Yahoo, Google, Microsoft, and Huawei.

When a developer sends a two-factor authentication code or when a user requests a login link via text messages, “it’s firms like Voxox that act as a gateway and converting those codes into text messages, to be passed on to the cell networks for delivery to the user’s phone,” TechCrunch noted of Vovox’s role in maintaining an unsecured database of SMS messages. SMS, which stands for short message service, is another name for text messages sent over a carrier’s network.

Vovox has since pulled the database, and at this time it’s unclear if any information contained within the database had been accessed by a malicious actor. In addition to having information about the recipient’s mobile number, the database potentially offered any hacker near real-time access to password reset links and two-factor authentication codes. This places many accounts at risk. Vovox cofounder and CTO Kevin Hertz told TechCrunch in an email that the company is investigating the breach and that it is also “evaluating impact.”

According to Kaul, the database contained records with detailed information about the message. “Each record was meticulously tagged and detailed, including the recipient’s cell phone number, the message, the Voxox customer who sent the message and the shortcode they used,” TechCrunch said.

Although when used with login credentials, SMS verification offers more protection than a merely using a username and password, more recently security experts have issued warnings about the vulnerability of SMS systems. Primarily, researchers have warned that SMS messages could be intercepted, and this latest breach is a prime example of that. As a result, experts say that utilizing authentication apps or hardware-based USB security keys, like Google’s Titan keys, are safer options when it comes to multi-factor authentication.

Product Review

Ring Alarm makes DIY home security simple and affordable enough for everyone

Ring first made waves with its video doorbell, and now the Amazon-owned company is moving on to home security with the Ring Alarm. You can install the sensors and keypads yourself, then have Ring professionally monitor your home.
Computing

These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.
Gaming

The most common Xbox One X problems, and how to fix them

The Xbox One X is a brilliant console, but it's not without its issues, ranging from simple annoyances to severe hardware problems. Here are common Xbox One X problems and how to fix them.
Deals

Best deals on home security cameras to save you from package thieves

Home security camera systems can help keep your home and your family safe. Amazon's deals on Blink security cameras and Ring Video Doorbells also help you save money on devices you can access regardless of your current location.
Music

Here's our head-to-head comparison of Pandora and Spotify

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.
Computing

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.
Computing

Latest Facebook bug exposed up to 6.8 million users’ private photos

An API bug recently left an impact on Facebook users. Though the issue has since been fixed, some of the apps on the platform had a wrongful access to consumers photos for 12 days between September 13 and September 25. 
Computing

Don't keep typing the same thing -- learn to copy and paste with these shortcuts!

Looking for useful Windows keyboard shortcuts? The most common are the cut, copy, paste and undo shortcuts compatible with all kinds of tasks. They can save you an awful lot of time if you learn how to use them.
Computing

You can now get a Surface Laptop 2 for $800 at the Microsoft Store

Along with deals on other variants, starting configurations of Microsoft's Surface Laptop 2 are now going for $800 online at its retail store, cutting $200 from its usual $1,000 starting price. 
Computing

Need a monitor for professional photo-editing? These are the very best

Looking for the best monitor for photo editing? You'll need to factor in brightness, color accuracy, color gamut support and more. Fortunately, we've rounded up the best ones for you, to help you make an educated purchase.
Computing

HDR monitors are beginning to have an impact. Here are the best you can buy

HDR isn't the most common of PC monitor features and is often charged at a premium, but the list of available options is growing. These are the best HDR monitors you can buy right now.
Computing

You’ll soon be able to scribble all over PDFs on your Chromebook

Chrome OS users may soon be able to doodle all over their PDF documents with the possible addition of a new feature in Chrome OS' PDF viewer. The annotation feature is expected to allow users to hand draw or write over their documents.
Virtual Reality

Oculus Rift vs. HTC Vive: Prices drop, but our favorite stays the same

The Oculus Rift and HTC Vive are the two big names in the virtual reality arena, but most people can only afford one. Our comparison tells you which is best when you pit the Oculus Rift vs. HTC Vive.
Computing

Microsoft’s Windows 95 throwback was just an ugly sweater giveaway

Microsoft's "softwear" announcement wasn't what we had hoped for. Thursday's announcement was not the new line of wearable tech or SkiFree monster sweater we wished for. But it did deliver the 90s nostalgia we wanted.