Overview

• Investigations revealed that Fink Telecom Services, a Swiss company with a history of working alongside government intelligence agencies, routed roughly one million 2FA messages sent in June 2023.
• Intercepted codes originated from major tech firms including Google, Meta and Amazon, as well as financial and social apps such as Binance, Tinder, Snapchat, Signal and WhatsApp.
• Because SMS messages are transmitted without encryption, two-factor codes can be captured by third-party telecom operators or surveillance contractors.
• Cybersecurity agencies such as CISA and the FBI have been warning since December 2024 that SMS-based authentication is vulnerable to espionage and account takeover.
• In response, experts and companies like Google and Signal are urging users to switch to authenticator apps or passkeys and phasing out SMS-based 2FA options.