IdentifyMobile incident exposed 200M records from companies
A security incident at IdentifyMobile exposed 200 million SMS messages from 200+ companies due to an unsecured AWS S3 server. Sensitive data like 2FA codes and transaction numbers were compromised. Investigations are ongoing.
Read original article
A security incident at IdentifyMobile, a British bulk SMS provider, exposed over 200 million SMS messages from more than 200 companies due to an unsecured AWS S3 server. The Chaos Computer Club (CCC) discovered this lapse, allowing real-time access to sensitive data like SMS content, phone numbers, and sender names. The exposed information included 2FA codes, transaction authorization numbers, and "1-click login" links, potentially compromising online accounts and financial transactions. While the data was accessible for a brief period in May 2024, the CCC did not confirm if malicious actors accessed it. Major companies like Google, Amazon, and Facebook were affected, raising concerns about data security practices. Despite limitations on exploiting authentication codes, the exposed data could still pose risks if misused. IdentifyMobile has not issued a public statement, and investigations are ongoing to determine the full extent of the breach and potential consequences.
Related
ID verification service for TikTok, Uber, X exposed driver licenses
A cybersecurity researcher found AU10TIX's admin credentials exposed online, risking data breach for TikTok, Uber users. Concerns rise over ID verification services' vulnerability to cyberattacks, emphasizing the need for enhanced security measures.
Identity Verification Used by X, TikTok, and Uber Exposed Driver's Licenses
An identity verification firm, AU10TIX, exposed login credentials, risking access to sensitive data like driver's licenses. Despite claims of prompt revocation, functional credentials were found. AU10TIX partners with major platforms.
Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers
Twilio confirms data breach leaking 33 million phone numbers linked to Authy app. No evidence of system access or sensitive data compromise. Users advised to update security settings as precaution against phishing.
Twilio breach leaks over 30M Authy-linked phone numbers
A data breach in Authy exposed 33 million phone numbers due to an unsecured API. No passwords were leaked, but users are urged to secure accounts with 2FA, watch for scams, and lock SIM cards. Twilio has improved security measures. Update Authy app for safety.
Second Factor SMS: Worse Than Its Reputation
Security researchers accessed 200M 2FA-SMS messages, exposing a flaw in IdentifyMobile's system used by Google, Amazon, and Facebook. CCC recommends more secure authentication methods due to significant risks.
1 commentsRelated
ID verification service for TikTok, Uber, X exposed driver licenses
A cybersecurity researcher found AU10TIX's admin credentials exposed online, risking data breach for TikTok, Uber users. Concerns rise over ID verification services' vulnerability to cyberattacks, emphasizing the need for enhanced security measures.
Identity Verification Used by X, TikTok, and Uber Exposed Driver's Licenses
An identity verification firm, AU10TIX, exposed login credentials, risking access to sensitive data like driver's licenses. Despite claims of prompt revocation, functional credentials were found. AU10TIX partners with major platforms.
Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers
Twilio confirms data breach leaking 33 million phone numbers linked to Authy app. No evidence of system access or sensitive data compromise. Users advised to update security settings as precaution against phishing.
Twilio breach leaks over 30M Authy-linked phone numbers
A data breach in Authy exposed 33 million phone numbers due to an unsecured API. No passwords were leaked, but users are urged to secure accounts with 2FA, watch for scams, and lock SIM cards. Twilio has improved security measures. Update Authy app for safety.
Second Factor SMS: Worse Than Its Reputation
Security researchers accessed 200M 2FA-SMS messages, exposing a flaw in IdentifyMobile's system used by Google, Amazon, and Facebook. CCC recommends more secure authentication methods due to significant risks.