Millions of people imperiled through sign-in links sent by SMS

Websites using SMS authentication links are putting millions of users at risk of scams, identity theft, and other crimes, according to recent research. Over 700 endpoints were identified delivering texts for 175 services, with easily guessable links that allow scammers to access user accounts by modifying security tokens. Some links had weak token combinations, making them vulnerable to brute force attacks, while others granted unauthorized access to user data with just a click. The practice of sending authentication links via SMS poses a significant security and privacy threat to users.