Navigation
Search
|
A Leaky Database of SMS Text Messages Exposed Password Resets and Two-Factor Codes
Friday November 16, 2018. 07:00 PM , from Slashdot
A database which contained millions of text messages used to authenticate users signing into websites was left exposed to the internet without a password. From the report: The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn't protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages. For Sebastien Kaul, a Berlin-based security researcher, it didn't take long to find. Although Kaul found the exposed server on Shodan, a search engine for publicly available devices and databases, it was also attached to to one of Voxox's own subdomains. Worse, the database -- running on Amazon's Elasticsearch -- was configured with a Kibana front-end, making the data within easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves.
Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/kTWdt3FUvcM/a-leaky-database-of-sms-text-messages-exposed-p...
|
25 sources
Current Date
Nov, Thu 21 - 17:43 CET
|