Tens of millions of SMS text messages automatically sent from companies have been exposed by a security lapse.

The texts, which included things like password reset codes and shipping information, were sent through a communications company called Voxox.

But it turns out that the database recording this information wasn’t even protected with a password.

Up to 26 million text messages are thought to have been revealed according to Sébastien Kaul, a Berlin-based security researcher, who spoke to TechCrunch.

Close up shot of woman's manicured hand as she uses a handphone

Voxox acted as a gateway between the likes of Amazon or smaller app developers. The San Francisco-based company would turn a code – like a two-factor authentication request or a shipping notificatin – and turn it into an actual text message that was automatically sent off to the mobile network and through to a person’s phone.

Apps including messaging service Viber and Kakao, used the service for verifying phone numbers, as did quiz app HQ Trivia.

Although the codes themselves would only be usable for a very short amount of time, the fact that the security researcher could open the database and read them off in real-time is particularly troubling.

Voxox told TechCrunch it was ‘looking into the issue and following standard data breach policy at the moment.’

Because standard text messages are so insecure, it has led tech companies to create encrypted alternatives such as iMessage and WhatsApp. Which works fine when it’s a case of two people messaging each other, but as is the case here – automated alerts need to be given greater security scrutiny as well.


READ  Apple's mega launch event: What to expect


Please enter your comment!
Please enter your name here