The SMS Authentication Link Vulnerability: How 175 Services Put You at Risk
New research exposes a major SMS authentication link vulnerability affecting 175 services. Learn how scammers use link enumeration to steal identity and data.
Convenience comes at a heavy price. New research reveals that the text message links you use to log in without a password are an open invitation for scammers to hijack your personal data.
The SMS Authentication Link Vulnerability Crisis
Websites are ditching usernames and passwords for the ease of SMS authentication, but this shortcut is imperiling the privacy of millions. According to a paper published last week, over 175 services—ranging from insurance providers to job boards—are leaving users vulnerable to identity theft.
How Scammers Guess Your Login Link
The flaw lies in 'link enumeration.' The security tokens at the end of login URLs are often predictable. By simply incrementing a number—changing 123 to 124—researchers could bypass security and view private details like partially completed insurance applications. It's a low-effort attack that's incredibly easy to execute at scale.
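A defender-side sketch of the difference described above, added here as an example and not taken from the research paper or any affected service: a counter-based issuer that reproduces the predictable pattern, next to a store that issues random, single-use, expiring tokens. The names `LoginLinkStore` and `looks_enumerable`, the 10-minute lifetime and the gap threshold of 10 are assumptions for illustration.

```python
import hashlib
import itertools
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed lifetime; the article gives no figure
_counter = itertools.count(123)

def issue_weak_token() -> str:
    """Predictable pattern from the article: each link is the previous one plus 1."""
    return str(next(_counter))

def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked table does not reveal usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class LoginLinkStore:
    """Hardened pattern: random, hashed at rest, expiring, single-use tokens."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (account_id, expiry timestamp)

    def issue(self, account_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[_digest(token)] = (account_id, now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(_digest(token), None)  # pop makes it single-use
        if entry is None:
            return None
        account_id, expiry = entry
        return account_id if now <= expiry else None

def looks_enumerable(tokens, max_gap=10):
    """Audit check on your own issued tokens: all-numeric with small gaps."""
    if len(tokens) < 2 or not all(t.isdigit() for t in tokens):
        return False
    values = sorted(int(t) for t in tokens)
    return all(0 < b - a <= max_gap for a, b in zip(values, values[1:]))
```

Running `looks_enumerable` over a sample of tokens your own service has issued is a quick regression check; it only catches the plain numeric case, not every weak generator.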