

The problematic server belongs to Voxox (formerly Telcentris), a communications company based in San Diego, California. The server is not password protected, and anyone who knows where to look can see near real-time SMS traffic.

It did not take Sébastien Kaul, a security researcher based in Berlin, long to find it.

Although Kaul found the exposed server on Shodan (a search engine for publicly available devices and databases), Voxox's own second-level domain name also points to it. To make matters worse, the database, which runs on Amazon Elasticsearch, is also equipped with a Kibana front end that makes the data easy to read, browse, and retrieve by name, mobile number, and text message content. The tens of millions of text messages in the database contained password reset links, two-factor authentication codes, and express notifications.

A security error caused a huge database to be compromised.
