News

Millions of messages exposed in database security breach

After a security breach, millions of text messages have been exposed from the database of tech company Voxox. These messages included links to reset passwords, shipping notifications, and two-factor authentication codes. These were all exposed on the company’s server.

Even more worryingly, it has also been found that the server wasn’t password protected. This means that anyone with the skills and knowledge to find the information could do so.

Voxox acts as an intermediary service for online retailers like Amazon. It converts shipping and two-factor authentication codes into text messages. This information can then be sent to the customers mobile phone in text format.

Included in the messages were several partners of Booking.com, who were sent their two-factor codes to log into an extranet corporate network. In addition to this, there were a number of small to medium-sized hospitals who had sent reminders to patients regarding appointments and billings.

The records in question included various pieces of personal information. This includes the recipients mobile phone number, the customer who sent the message, the message itself, and the shortcode that was used. The message itself, however, was only available to view for a very small amount of time.

Following an enquiry by TechCrunch, security researcher Sébastien Kaul found that over 26 million text messages could be found on the database. But, it has been suggested that, according to the number of messages that are processed per minute on the platform, the actual figures could be even higher. The database was then taken offline by Voxox.

Dylan Katz, a security researcher, said in a TechCrunch interview: “My real concern here is the potential that this has already been abused. This is different from most breaches, due to the fact the data is temporary, so once it’s offline any data stolen isn’t very useful.”

In response to this, Kevin Hertz, Voxox’s co-founder and chief technology officer, said that the company was “looking into the issue and following standard data breach policy at the moment” and that the company was “evaluating impact”.

Consumer and Society

Recent Posts

The rising burden of housing and childcare costs for consumers

As inflation continues to affect consumers’ monthly bills, more people have had to adjust their…

33 mins ago

Food & Beverage: Five regulatory development trends in 2024

After coming under pressure from consumers, regulations in the Food & Beverage sector are changing…

1 week ago

How the FTC and Congress plan to deal with shrinkflation

With inflation and rising living costs affecting more consumers, the issue of ‘shrinkflation’ is becoming…

2 weeks ago

Methylene chloride ban announced by the EPA over cancer risks

The Environmental Protection Agency (EPA) has announced a ban on methylene chloride in products for…

2 weeks ago

How is Ozempic affecting consumers’ food shopping habits?

Ozempic and other GLP-1 drugs are usually prescribed to treat diabetes. Recently, the endorsement of…

3 weeks ago

Dating app sued for sharing personal health information with third parties

Grindr, the world's largest dating app catering to the LGBTQ+ community, now faces legal action…

3 weeks ago