Major security breach exposes 2FA codes for tech giants

A security oversight led to the exposure of sensitive data, including one-time security codes, from tech giants like Facebook, Google, and TikTok.

The breach originated from an unprotected database belonging to YX International, a company specializing in SMS text message routing services. Anurag Sen, a security researcher, discovered the leak, which exposed users' two-factor authentication (2FA) codes and password reset links.

Although YX International promptly secured the database, the extent of the exposure and whether unauthorized access occurred remains unclear. The incident highlights the vulnerability of SMS-based 2FA codes and raises concerns about user privacy and security.