Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise. Recently, a security researcher discovered an unsecured database on the internet containing millions of such codes, which could be easily accessed by anyone.

03/06 updates below. This article was originally published on March 4.

The Sensitive SMS Database Was Left Unprotected Online

The internal database, discovered by security researcher Anurag Sen, was left unprotected without a password despite being internet-facing. Anyone who knew the database's IP address would be able to access it using nothing more sophisticated than a bog-standard web browser.