TechCrunch: A leaky database of SMS text messages exposed password resets and two-factor codes. “A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.”
SMS
The Verge: Facebook admits SMS notifications sent using two-factor number was caused by bug
The Verge: Facebook admits SMS notifications sent using two-factor number was caused by bug. “Facebook this evening clarified the situation around SMS notifications sent using the company’s two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to ‘send non-security-related SMS notifications to these phone numbers.'”