Article 6P0F2 Twilio Reveals Authy Breach Has Compromised Millions of Phone Numbers

Twilio Reveals Authy Breach Has Compromised Millions of Phone Numbers

by
Krishi Chowdhary
from Techreport on (#6P0F2)
Authy.png
  • The American cloud company Twilio revealed that the attack on its authenticator app Authy had compromised the phone numbers of 33 million users.
  • Hackers have also been able to identify the accounts linked with those phone numbers.
  • A notorious hacker group called ShinyHunters is believed to be behind the attack

Authy-300x158.png

Twilio, an American cloud communications company, revealed that a data breach on Authy has exposed the phone numbers of millions of users.

Authy (owned by Twilio) is a two-factor authentication app that provides an additional layer of security on top of your passwords.

This news comes just a week after the hacker group, ShinyHunters, announced that they were able to steal 33 million Authy phone numbers. Not only that, but some other unspecified data linked to these user accounts have also been exposed.

At the time, it was unknown whether the hackers could match the numbers with the respective accounts.

ShinyHunters is the same group of hackers that stole data of 560 million Ticketmaster customers in June of this year. The 1.3TB of stolen data, which included customers' phone numbers, names, and addresses, was put up for sale on the dark web for $500,000.

Snowflake, a cloud-storage provider, was also attacked by ShinyHunters, affecting millions of customers.

Cause & Impact of the Breach

The cause of the breach is said to be an unauthorized endpoint. Twilio assured that the endpoint has now been secured and no unauthenticated requests are being allowed at the moment.

Speaking of the impact, it's important to note that Authy accounts have not been compromised; only phone numbers have been stolen.

Although your accounts are technically safe," the stolen phone numbers can be used to carry out various types of social engineering attacks. Hackers might use the stolen contacts to conduct phishing or smishing invasions.

However, on the brighter side, Twilio's internal system and other sensitive data have not been compromised.

At the time of writing, there's nothing much users can do apart from being cautious.

  • Do not click on any suspicious links received via text or email.
  • Twilio has also requested users to immediately update the Authy app to its latest Android and iOS versions.

Also note: Twilio was last hacked in 2022 when a hacker group tricked its employees into sharing their credentials with the help of voice phishing and then accessed the company's internal systems.

The post Twilio Reveals Authy Breach Has Compromised Millions of Phone Numbers appeared first on The Tech Report.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments