Twilio, the parent company of the popular two-factor authentication app Authy, has confirmed a significant security breach.
The incident has exposed the phone numbers of 33 million Authy users.
A hacker claimed to have acquired 33 million Authy users’ phone numbers last week.
Twilio has now verified this claim, stating “Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests. We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data.”
Twilio has secured the vulnerable endpoint and no longer allows unauthenticated requests.
The company is advising all Authy users to update to the latest Android and iOS app versions for improved security.
“If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number,” Rachel Tobac, an expert in social engineering and CEO of SocialProof Security, told TechCrunch.
Authy users should:
1. Update their Authy app immediately
2. Be vigilant against potential phishing attempts using the exposed phone numbers
3. Consider migrating to alternative authenticator apps like Google Authenticator
Authy is widely used for generating two-factor authentication codes for various services including Twitter, Instagram, and Google accounts.
While the breach doesn’t directly compromise these codes, it raises concerns about the overall security of the platform.
Users are advised to remain cautious about any unexpected communications they receive, especially those requesting sensitive information or authentication details.
This incident serves as a reminder of the importance of regularly updating security apps and being prepared to switch to alternative solutions when necessary.
The breach exposed the phone numbers of 33 million Authy users due to an unauthenticated endpoint.
Yes, Twilio has secured the vulnerable endpoint and no longer allows unauthenticated requests.
Authy users should update their app immediately, be vigilant against phishing attempts, and consider alternative authenticator apps.
While the codes themselves are not compromised, the breach raises concerns about the overall security of the platform.
Users should regularly update security apps, be cautious of unexpected communications, and be prepared to switch to alternative solutions if necessary.