Text message database reportedly leaked password resets

A massive database managing millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes.

Vovox, a San Diego-based communications company maintained the server, which was left unprotected by password, offering anyone knowing where to look a real-time glimpse at a steady stream of text messages, TechCrunch reported Thursday. The unsecured server was discovered on Shodan, a search engine for publicly available devices and databases, TechCrunch reported.

The database appeared to contain more than 26 million text messages, each containing the message and tagged with the recipient's cell phone number, TechCrunch reported. Among the information reportedly discovered were security codes sent by Fidelity Investments, a temporary banking password sent by a Silicon Valley credit union and an Amazon tracking notification with UPS tracking information.

Two-factor authentication is one of the easiest ways to prevent hackers from hijacking your accounts, stopping unauthorized people from accessing accounts, even if they know the user's password. Users of two-factor authentication rely on an SMS version of it, where a PIN code is texted to their phones .

"Our resources are looking into the issue and following standard data breach policy at the moment," Barrett Brown, director of customer service at Vovox, said in a statement. "We are evaluating impact and can provide additional information as it is available."

First published Nov. 15 at 8:40 p.m. PT
Update Nov. 16 at 8:25 a.m.: Adds Vovox statement.

CNET's Holiday Gift Guide: The place to find the best tech gifts for 2018.

Best Black Friday 2018 deals: The best discounts we've found so far.