Unsolved
10 Elder
•
45.2K Posts
0
94
March 4th, 2024 20:52
Database leaked two-factor authenication codes
Two-factor authentication (2FA) codes are sent via SMS text messages you receive when trying to log into web sites with 2FA enabled.
A tech company that routes millions of 2FA text messages around the world every day had an unsecured database which was spilling one-time security codes and may have allowed hackers to access Facebook, Google, TikTok accounts.
The database currently has monthly 2FA logs dating back to July 2023, but -stupidly- didn't keep logs of database access. So they don't know who or when it may have been accessed by outsiders.
The database is now secured after a security expert found it on the internet and, with additional help, was able to identify its owner.
You may want to change passwords on accounts where you recently needed 2FA to log in because it's not clear which sites, aside from the ones listed above, use that company's 2FA text message service.
Read more here...
ky331
3 Apprentice
•
15.6K Posts
0
March 4th, 2024 23:19
I don't believe I've used 2FA... yet....
RoHe
10 Elder
•
45.2K Posts
0
March 5th, 2024 02:35
My bank, medical clinic, insurance company etc all use 2FA. I enter user name and password at the site and they send SMS to my cell phone number which they have on file. The code has to be entered on the site, typically within 10 min, and some sites also requiring me to reenter my password too.
Some give me a choice to get SMS on cell phone or robo-voice call on my land line phone which they also have on record. I prefer SMS since my cell phone also needs a password to open, which adds another layer of security that the land line doesn't have.
Was supposed to be great way to protect ourselves from hackers, at least until that company left their 2FA database unsecured. So what next, 3FA...?
(edited)
ky331
3 Apprentice
•
15.6K Posts
0
March 5th, 2024 11:49
I have been OFFERED 2FA from many places, but to the extent that it was optional (or only invoked infrequently), I've typically avoided it. Ironically, there are some work sites which force it on us (at least, it's typically only twice a month) --- I lose access to my work e-mail (and even more annoyingly, to my work phone) unless I use their 2FA.
RoHe
10 Elder
•
45.2K Posts
0
March 5th, 2024 19:51
The sites where I use 2FA don't give me an option to use it or not. Not sure if they're trying to protect me or themselves by layering on an extra level of security, if their site gets hacked and my password is stolen.
I just go with the flow...