nir Posted November 19, 2018 Share Posted November 19, 2018 Vovox has reportedly exposed over 26 million texts belonging to its customers which include Microsoft, Amazon, and Google. The Big Blunder In an shockingly negligent act, Vovox, the communications giant reportedly did not safeguard its server with a password and as a result, personal data such as phone numbers, messages and much more were accessible through Shodan, a search engine that works on the IoT concept. Furthermore, it was only after being approached by TechCrunch that Vovox pulled it down. These text messages included sensitive information such as temporary passwords, verification codes, password reset links and shipping details shared by the users of Vovox’s clients. This is a clear breach of private and sensitive personal data that put a massive number of users at risk. How do SMS-Based 2-Factor Verifications work? Typically, IT Giants such as Google, Microsoft and Amazon outsource their data management to firms like Vovox. This includes verification of phone numbers and the 2 Factor verification codes. These IT giants trust firms like Vovox to act as a secure gateway in order to authenticate the login credentials. Now with the unveiling of this exposure, we also know that sometimes the IT giants fail to monitor these vendors. This leak was uncovered by Sebastien Kaul, a Berlin-based security researcher. It is astonishing that none of these premier clients of Vovox had a designated or deployed a team to oversee and monitor the efficiency of data security services provided by Vovox. That could have helped curb this issue much earlier. What’s worse is that the aforementioned 26 million messages were also found on one of the subdomains of Vovox. According to TechCrunch, Kevin Hertz, the CTO of Vovox stated the following: “looking into the issue and following standard data breach policy at the moment,” and that Vovox is “evaluating impact.” With this revelation, it shows that it is not always safe to transact online as one could end up risking one’s personal and sensitive data resulting in the account being hijacked. In fact, many experts advise that it is high time that the 2-Way verification was replaced with an effective alternative. Source Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.