We’ve probably all received confirmation codes via text message when trying to enter into an account. These codes are intended to function as two-factor verification, confirming our identities and preventing cybercriminals from accessing our accounts solely through a password. But who handles the SMS codes, and can they be trusted?
New findings from Bloomberg and the collaborative investigative newsroom Lighthouse findings offer insight on how and why text-based codes might put people in danger. In their investigations, both organisations stated that they got at least a million data packets from a phone company whistleblower. Individual users got the packets, which contained SMS texts with two-factor authentication codes.
You may believe that these messages are handled directly by the companies and websites with which you have an account. However, Bloomberg and Lighthouse’s investigation suggests that this is not always the case. In this case, the messages went through a contentious Swiss company called Fink Telecom Services. And Bloomberg used the label “controversial” to describe Fink for a reason.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: