![voxox credits hack voxox credits hack](https://descargar.wiki/wp-content/uploads/3003d09bd73d40a9b69a81a4d6b42e9e_screen.png)
#Voxox credits hack password
#Voxox credits hack verification
Many messages included two-factor verification codes for Google accounts in Latin America.
#Voxox credits hack code
Fidelity Investments also sent six-digit security codes to one Chicago Loop area code.Several partners were sent their six-digit two-factor codes to log in to the company’s extranet corporate network.We found a password sent in plaintext to a Los Angeles phone number by dating app Badoo.Among our findings from a cursory review of the data: Each record was meticulously tagged and detailed, including the recipient’s cell phone number, the message, the Voxox customer who sent the message and the shortcode they used. But the sheer volume of messages processed through the platform per minute - as seen through the database’s visual front-end - suggests that this figure may be higher. At the time of its closure, the database appeared to have a little over 26 million text messages year-to-date. After an inquiry by TechCrunch, Voxox pulled the database offline.
![voxox credits hack voxox credits hack](https://i.pinimg.com/originals/c6/9b/39/c69b3942a610bdd4cd25cc72e0bbfd28.png)
But it’s firms like Voxox that act as a gateway and converting those codes into text messages, to be passed on to the cell networks for delivery to the user’s phone. Often, app developers - like HQ Trivia and Viber - will employ technologies provided by firms like Telesign and Nexmo, either to verify a user’s phone number or to send a two-factor authentication code, for example. Most don’t think about what happens behind the scenes when you get a text message from a company, whether it’s an Amazon shipping notification or a two-factor code for your login.
![voxox credits hack voxox credits hack](https://styles.redditmedia.com/t5_6c7q70/styles/communityIcon_zo831xeuv6a91.jpg)
Worse, the database - running on Amazon’s Elasticsearch - was configured with a Kibana front-end, making the data within easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves. Although Kaul found the exposed server on Shodan, a search engine for publicly available devices and databases, it was also attached to to one of Voxox’s own subdomains. For Sébastien Kaul, a Berlin-based security researcher, it didn’t take long to find. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.