{"id":55849,"date":"2025-06-17T14:43:00","date_gmt":"2025-06-17T12:43:00","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=55849"},"modified":"2025-06-17T14:43:02","modified_gmt":"2025-06-17T12:43:02","slug":"1-million-2fa-sms-intercepted-this-method-protects-you","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/1-million-2fa-sms-abgefangen-diese-methode-schuetzt-dich","title":{"rendered":"1 million 2FA SMS intercepted: This method protects you"},"content":{"rendered":"

If you use 2FA, you probably feel safe. After all, this additional layer of security is supposed to prevent strangers from accessing your accounts, even if they know your password. But now a new report shows that this very security measure has been massively undermined: Approximately one million two-factor authentication codes sent via SMS have been intercepted. And not by random hackers, but by a legitimate mobile phone company with ties to intelligence agencies and surveillance firms. Here's what happened\u2014and how you can better protect yourself.<\/strong><\/p>\n\n\n\n

Two-factor authentication (2FA) works like this: You enter your password and receive an additional code \u2013 usually six digits \u2013 to confirm your identity. The code can be sent via SMS or generated via an app. The goal: increased security. Good in theory. In practice, however, it has been repeatedly shown that SMS is an insecure transmission method. SMS messages are not encrypted; they travel openly through the mobile network. Anyone with access to certain network technology can read these messages. That's exactly what happened.<\/p>\n\n\n\n

What exactly happened: One million 2FA SMS intercepted<\/h4>\n\n\n\n

According to a report by Bloomberg Businessweek<\/a> and Lighthouse Reports<\/a> , around one million text messages containing 2FA codes were intercepted in June 2023. An industry insider provided phone connection data showing that all of these messages were routed through a company called Fink Telecom Services. This company is based in Switzerland but operates internationally and has a history of collaborating with government intelligence agencies and surveillance companies. The intercepted messages contained security codes from a variety of major companies, including Google, Meta (Facebook, Instagram & WhatsApp), Amazon, Signal, Snapchat, Tinder, Binance, and several European banks.<\/p>\n\n\n\n

Background monitoring: 2FA SMS redirected<\/h4>\n\n\n\n

The codes were sent to users in over 100 countries on five continents. This was not a random isolated incident, but rather a systematic redirection and analysis of highly sensitive SMS messages. According to the report, Fink Telecom Services was responsible for routing the messages\u2014that is, how the SMS messages reached the recipient via international networks. The company's CFO claims that Fink merely provides technical infrastructure and is not actively involved in surveillance. Security experts disagree: They have linked Fink to cases in the past in which precisely such SMS codes were intercepted and later used for hacks.<\/p>\n\n\n\n

Why SMS codes can be intercepted so easily<\/h4>\n\n\n\n

The major problem with SMS is the lack of encryption. When you receive an SMS, it is transmitted unprotected through the mobile network. This makes it possible for attackers to intercept the messages \u2013 especially if they have access to routing points or international exchanges. And that's where Fink Telecom Services comes in. The company operates such exchanges and is therefore able to access large amounts of SMS data. The security gap is therefore no coincidence, but a structural problem in the mobile network \u2013 especially with cross-border messages. The combination of technical infrastructure, outdated protocols, and a lack of encryption makes it possible for external actors to read what should actually remain confidential.<\/p>\n\n\n\n

Which providers were affected<\/h4>\n\n\n\n

Affected were companies that send 2FA codes via SMS as standard. These include:<\/p>\n\n\n\n