A security breach exposed two-factor authentication (2FA) codes/password reset links for millions of users on platforms like Facebook, Google, and TikTok.

Key Points:

• YX International, an SMS routing company, left an internal database exposed online without a password.
• The database contained one-time 2FA codes and password reset links for various tech giants.
• YX International secured the database and claims to have “sealed the vulnerability.”
• The company wouldn’t confirm how long the database was exposed or if anyone else accessed it.
• Representatives from Meta, Google, and TikTok haven’t commented yet.

Concerns:

• This leak highlights the vulnerabilities of SMS-based 2FA compared to app-based methods.
• The lack of information regarding the leak’s duration and potential access by others raises concerns.

Gemini Recommendations:

• Consider switching to app-based 2FA for increased security.
• Be cautious of suspicious communications and avoid clicking unknown links.
• Stay informed about potential security breaches affecting your online accounts.