Vovox, a San Diego-based communications company maintained the server, which was left unprotected by password, offering anyone knowing where to look a real-time glimpse at a steady stream of text messages, Tech reported Thursday. The unsecured server was discovered on Shodan, a search engine for publicly available devices and databases, Tech reported.
The database appeared to contain more than 26 million text messages, each containing the message and tagged with the recipient’s cell phone number, Tech reported. Among the information reportedly discovered were security codes sent by Fidelity Investments, a temporary banking password sent by a Silicon Valley credit union and an Amazon tracking notification with UPS tracking information.
Two-factor authentication is one of the easiest ways to prevent hackers from hijacking your accounts, stopping unauthorized people from accessing accounts, even if they know the user’s password. Users of two-factor authentication rely on an SMS version of it, where a PIN code is texted to their phones.
Vovox didn’t immediately respond to a request for comment but reportedly pulled the database off line after Tech raised questions about its security.