Apple and Android users have been advised to stop receiving two-factor authentication (2FA) codes via text message following revelations of a massive telecom breach that could leave sensitive data exposed to cyberattacks.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that hackers, believed to be connected to China, infiltrated major U.S. telecom providers, including AT&T, T-Mobile, Verizon, and five other networks. The breach reportedly allowed the malicious actors to spy on customers by intercepting non-encrypted SMS messages.

In a memo released Wednesday, CISA highlighted the risks of using SMS for 2FA, stating that text messages “are not encrypted” and can be easily accessed by hackers with control over telecom networks. Instead, the agency urged users to adopt more secure methods, such as authentication apps, FIDO keys, or passkeys, which offer better protection against phishing and network breaches.

While some online services only offer SMS-based 2FA, CISA encouraged users to switch to alternative methods whenever possible. They also recommended strong passwords, password managers, PIN protections, and regular software updates to reduce vulnerabilities.

The advisory follows reports of an ongoing breach, nicknamed “Salt Typhoon,” which experts warn may be larger and more persistent than initially believed.

“We cannot say with certainty that the adversary has been evicted,” said Jeff Greene, executive assistant director for cybersecurity at CISA. “We’re tracking them, but we cannot confidently claim we know everything.”

(YWN World Headquarters – NYC)