According to Yahoo, one-time authentication codes (OTP) sent via SMS are still widely used as a second layer of protection in the two-factor authentication process, helping users log in to banking, email or social networking applications.
However, Yahoo warns that SMS is one of the weakest security methods because it is very vulnerable to phishing attacks.
A recent investigation by Bloomberg Businessweek and Lighthouse Reports revealed a bigger risk: these OTP codes could be accessed by third parties. Specifically, little-known Swiss telecom company Fink Telecom Services had access to more than 1 million messages containing two-factor authentication codes in June 2023.
As an intermediary between the companies that generate the authentication codes and the end users, Fink Telecom Services has the right to process and view the content of the messages. What is worrying is that this company has been suspected of participating in user monitoring activities and interfering with personal accounts.
SMS is considered one of the weakest security methods because it can be accessed by third parties.
The leaked OTP codes came from many big companies such as Google, Meta, Amazon, Tinder, Snapchat, Binance, Signal, WhatsApp and many banks in Europe. The messages were sent to users in more than 100 countries.
According to Yahoo, the main reason SMS two-factor authentication is not secure is that companies often hire intermediaries to send SMS messages at a lower cost, through large contracts with multiple carriers and a system of “global titles” - network addresses used to connect across countries. The weakness of this system is that the hiring companies do not work directly with units like Fink Telecom Services but go through layers of subcontractors, which makes it harder to ensure data security.
Mr. Pham Manh Cuong, founder of Wischain Company Limited, explained that the two-factor authentication method via SMS messages is no longer safe today because cyber attackers are increasingly sophisticated, easily taking advantage of vulnerabilities in the security system to gain access.
In one of the most common forms of phishing attack, seemingly reputable messages, emails, or websites are used to trick users into providing sensitive information such as usernames, passwords, or OTP codes.
SIM swapping is also a serious threat. Fraudsters can steal the victim's phone number and then receive the authentication codes sent to it via SMS.
In addition, many users still have the habit of installing software of unknown origin, especially on Android devices, which can bring in spyware or keyloggers that secretly record keystrokes and thereby steal access information.
While SMS authentication is still considered to provide a layer of protection, it is increasingly showing its weaknesses compared to modern methods like Google Authenticator, an application that generates random authentication codes that change every 30 seconds and is independent of mobile networks.
Source: https://nld.com.vn/xac-thuc-hai-yeu-to-qua-sms-rat-rui-ro-nen-dung-ung-dung-nao-196250621114624897.htm