Friday, November 16, 2018

Voxox Center Of Massive SMS Data, Security Breach

San Diego-based VoxOx, a provider of cloud-based communications services, has been caught at the center of a massive breach of SMS messaging security, after security researchers discovered VoxOx had left open one of its servers--allowing the security researchers to see--in real time--millions of SMS messages between VoxOx customers and others. Those SMS messages included password reset links, two factor authentication codes, and other data, including one-time codes from Los Angeles companies like Telesign, dating app developer Badoo, and hundreds of others. The breach apparently came after researchers used the Shodan search engine to search for publicly available devices and discovered the VoxOx server running on Amazon Elastisearch, where SMS traffic was easily monitored and queried.