Possible Authy Security Breach Exposes Users’ Phone Numbers

Authy is one of the best authentication services out there, as well as one of the most used. Given that, it would be absolutely catastrophic if someone managed to get a hold of internal data from that service that belongs to user. It seems like it kind of happened.

Twilio, the company behind Authy, has confirmed that hackers were able to access phone numbers belonging to Authy users in a recent data breach. The hackers, known as ShinyHunters, claimed to have stolen 33 million phone numbers from Twilio. While Twilio has not confirmed the exact number of affected users, they have acknowledged that the breach occurred due to an unauthenticated endpoint.

A Twilio spokesperson stated that there is no evidence that the hackers accessed Twilio’s systems or other sensitive data. However, as a precaution, Authy users are urged to update their apps to the latest versions for enhanced security. Although obtaining a list of phone numbers may seem less severe than other types of data breaches, it still poses a significant risk. For one, hackers can now target Authy users specifically, making their phishing attacks more convincing.

This is not the first time Twilio has been targeted by hackers. In 2022, a larger breach resulted in the theft of employee credentials from over 100 companies. During that breach, hackers were able to target 93 Authy users and steal their two-factor codes. Twilio is actively working to secure its systems and prevent future breaches. The company is also encouraging users to remain vigilant and be aware of potential phishing and smishing attacks.

For now, it doesn’t look like you need to take any action, but you should still remain in the lookout for any potential phishing attempts over the coming days or months. You can also block new devices from connecting to your account by turning off multi-device in the settings .

Source: TechCrunch

Also read: