Twilio hack leaves Authy users exposed to text-messaging scams

If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, confirmed to TechCrunch on Wednesday that hackers breached Twilio and acquired mobile phone numbers for 33 million users.

Twilio published a statement on its website also confirming the hack. “Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint,” the statement reads. “We have taken action to secure this endpoint and no longer allow unauthenticated requests.”

The company added that there was no evidence that the hackers accessed Twilio’s systems or sensitive data. But updating to the latest version of the iOS and Android apps (on any devices you’re running) is critical as they include new security updates.

Twilio stressed that Authy accounts weren’t compromised. However, the hackers (and anyone they share the data with) could “try to use the phone number associated with Authy accounts for phishing and smishing attacks.”

If you aren’t familiar with the term, smishing is the text-message equivalent of phishing. So, if you have an Authy account, be extra cautious about any unexpected texts that appear to come from trusted sources, especially Authy or Twilio.

Rachel Tobac, a social engineering expert and CEO of SocialProof Security, illustrated to TechCrunch what that may look like. “If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number,” Tobac said.

“We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving,” Twilio stressed.


Related stories
4 days ago - Twilio confirmed to CyberGuy that hackers got access to 33 million phone numbers related to its Authy two-factor authentication service.
1 week ago - In a recent email notification to its users, as seen by Stack Diary, Twilio has disclosed a security incident involving... The post Twilio issues an alert about a security incident with a 3rd party carrier appeared first on Stack Diary.
1 week ago - Twilio says "threat actors were able to identify" phone numbers of people who use the two-factor app Authy.
1 week ago - Last week, a hacker or hackers known as ShinyHunters posted a message on a popular hacking forum claiming they had compromised Twilio and obtained 33 million phone numbers registered with the Authy service.Read Entire Article
3 weeks ago - Apple Developer Academy adds AI training for students and alumni  TechCrunchApple Developer Academy introduces AI training for all students and alumni  AppleApple Offers Students AI Training at Developer Academies  MacRumorsApple launches...
Other stories
17 minutes ago - Why You Can Trust CNET Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy...
17 minutes ago - Amazon Prime subscribers can unlock their full streaming libraries with these VPNs, which are crucial if you travel abroad.
17 minutes ago - The worst offenders jacked up prices by as much as $50 from one year to the next.
23 minutes ago - Amazon Prime Day Starts in 2 Days. Here Are The Best Early Deals We’ve Found So Far.  The New York TimesView Full Coverage on Google News
23 minutes ago - The Google Search app for iPhone and iPad, which basically is its own browser, now offers customizable homescreen icons...