Full article from Forbes: https://www.forbes.com/sites/daveywinder/2024/03/06/millions-of-google-whatsapp-facebook-2fa-security-codes-leak-online/?sh=1cf804b17be7

Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise. Recently, a security researcher discovered an unsecured database on the internet containing millions of such codes, which could be easily accessed by anyone.

[…]

With a daily flow of as many as 5 million SMS messages, the YX International database was a treasure trove of sensitive information. Information including password reset links and 2FA codes for companies such as Google, WhatsApp, Facebook and TikTok.