The 2FA codes of users of services from the likes of Google and Meta have been leaked online. This surprising turn of events has led to a ton of security experts reconsidering the use of SMS messages for the 2FA process. New research shows that a ton of these codes from tech giants are available on the internet for bad actors.
This research conducted by Anurag Sen has unveiled a rather shocking side of 2FA security codes. These codes are in use by billions of people worldwide with access to a smartphone or any internet service. Most firms port these codes as an extra layer of security that is only accessible by the owner of whatever online service it protects.
Usually, users get these codes on their mobile devices via SMS or to their email addresses. They can then take these codes and use them to complete some login processes, hence ensuring the process is secure. However bad actors like YX International have found a way to access these 2FA security codes sent from firms like Google and Meta to their users as an extra layer of security.
While it is shocking that these 2FA codes have a security flaw as YX International has proven, it isn’t much of a user security risk. The database holding millions of Google and Meta 2FA security codes dates back to 2023. This means that they are useless since most 2FA security codes have a short window for usage before they expire.
Considering this fact, we can say that there is no need for panic among netizens over the use of 2FA codes. Some still question the usage of SMS to send 2FA security codes to users. The use of SMS is currently under debate because of the older technology behind it that lacks proper security.