Security researchers from the Chaos Computer Club (CCC) gained access to over 200 million SMS messages containing one-time passwords from 200 companies, including big names like Google and Amazon. By exploiting vulnerabilities in SMS-based two-factor authentication, attackers could intercept messages and potentially take over accounts. The CCC discovered that a 2FA SMS provider was sharing sensitive data online, putting users at risk. While SMS 2FA offers more security than passwords alone, it is still vulnerable to attacks. App-generated codes or hardware tokens are recommended for stronger authentication. The breach highlights the importance of securing authentication methods to protect users’ accounts.
https://www.ccc.de/en/updates/2024/2fa-sms