Facebook, Google, and TikTok access codes became publicly available due to a database error

YX International has opened access to the accounts of the largest tech giants.

IT company YX International has secured a vulnerable database that contained one-time security codes used to access accounts at Facebook, Google, TikTok and other technology companies.

YX International, an Asian IT company, manufactures cellular communication equipment and provides text message routing services. SMS routing helps deliver urgent messages to their destination through various regional cellular networks and providers, for example when a user receives a security code or a link to log in to an online service. YX International claims to send 5 million SMS text messages every day.

However, YX International left one of its internal databases open for access over the Internet without a password, which allowed anyone to access sensitive data using only a web browser, just by knowing the public IP address of the database.

Anurag Sen, a security researcher and leak detection expert, discovered the open database. Sen said it was unclear who owned the database and to whom the leak should be reported, so Sen shared details of the open database with TechCrunch to help identify its owner and report the security bug.

Sen told TechCrunch that the open database included the contents of text messages sent to users, among them one-time access codes and password reset links for some of the world's largest tech companies, including Facebook, WhatsApp, Google, TikTok and others. The database contained monthly logs dating back to July 2023, and its size was increasing by the minute.

Sets of internal email addresses and corresponding passwords associated with YX International were found in the open database. TechCrunch warned the company about the database leak, and the database was taken offline soon afterward.

An anonymous representative of YX International said that the server does not store access logs, which would have helped determine whether anyone other than Sen discovered the open database and its contents. Therefore, YX International does not know how long the database has been open. A Meta spokesperson declined to comment. Representatives for Google and TikTok did not respond to requests for comment.
 