
Leaky database of SMS text messages exposed password resets and two-factor codes - tonyztan
https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/
======
craftyguy
> tens of millions of text messages, including password reset links, two-
> factor codes

Many, or very nearly all?, of the places implementing this expire the tokens
in minutes. I'm not defending 2FA over SMS, but merely pointing out this
'feature' of the 'leaky database' is probably not all that impactful.

~~~
breakingcups
They go into that. The database was queryable in (near) realtime.

