A hacker claimed to have obtained 33 million phone numbers belonging to users of the two-factor authentication (2FA) app Authy. (Image source: Authy)
Twilio, the developer of the two-factor authentication (2FA) app Authy, confirmed that it was the victim of a data breach last week.
Following a report of 33 million phone numbers of Authy users being stolen by hackers, Twilio confirmed in a security alert that "threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint".
Using the unauthenticated endpoint, the hackers (or hacker), known as ShinyHunters, would submit phone numbers and see which ones came back as being associated with Authy.
The endpoint has since been secured and no longer allows unauthenticated requests. Twilio added that there is no evidence that the threat actors obtained access to its systems or other sensitive data.
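For defenders running a similar lookup service, the sketch below shows how this kind of enumeration can be spotted in access logs: one client querying many distinct phone numbers without credentials. It is an added example, not code from Twilio or from this article; the log format, the `/lookup` path, the `auth=` field and the threshold are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Hypothetical log line: "<ip> GET /lookup?phone=<number> auth=<none|token> <status>"
LINE_RE = re.compile(
    r"^(?P<ip>\S+) GET /lookup\?phone=(?P<phone>\S+) "
    r"auth=(?P<auth>\S+) (?P<status>\d{3})$"
)

def build_sample_log():
    """Constructed sample data using documentation IPs and fictional numbers."""
    lines = []
    # One client walks a number range with no credentials; the status code
    # (200 vs 404) is what tells it which numbers are registered.
    for i in range(8):
        status = 200 if i % 3 == 0 else 404
        lines.append(
            f"198.51.100.7 GET /lookup?phone=%2B1555010{i:04d} auth=none {status}"
        )
    # An authenticated client repeating one lookup, and a one-off anonymous call.
    lines.append("203.0.113.20 GET /lookup?phone=%2B15550199999 auth=token 200")
    lines.append("203.0.113.20 GET /lookup?phone=%2B15550199999 auth=token 200")
    lines.append("192.0.2.44 GET /lookup?phone=%2B15550188888 auth=none 404")
    lines.append("malformed line that the parser must skip")
    return "\n".join(lines)

def find_enumerators(log_text, min_distinct=5):
    """Return clients that made unauthenticated lookups for at least
    min_distinct different phone numbers, with how many were confirmed."""
    seen = defaultdict(set)   # ip -> distinct numbers queried without auth
    hits = defaultdict(set)   # ip -> numbers the endpoint confirmed (HTTP 200)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["auth"] != "none":
            continue
        phone = unquote(m["phone"])
        seen[m["ip"]].add(phone)
        if m["status"] == "200":
            hits[m["ip"]].add(phone)
    return {
        ip: {"distinct": len(nums), "confirmed": len(hits[ip])}
        for ip, nums in seen.items()
        if len(nums) >= min_distinct
    }

if __name__ == "__main__":
    print(find_enumerators(build_sample_log()))
```

Counting distinct numbers per client, rather than raw request volume, keeps a legitimate client that retries the same lookup from being flagged.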
The company recommends all Authy users update to the latest Android and iOS apps for the latest security updates. Twilio cautions that threat actors might use the phone numbers for phishing and smishing attacks, and urges users to be vigilant.
This is not the first time that Twilio has been hit by a data breach. Two years ago, hackers managed to access the data of more than 100 Twilio customers after successfully phishing several employees.
Source: Twilio via TechCrunch