A data breach affecting Twilio’s two-factor authentication app Authy has potentially exposed millions of phone numbers.
The breach was caused by an unauthenticated endpoint that allowed hackers to identify data associated with Authy accounts.
Twilio, the company that owns Authy, has taken steps to secure the endpoint and is recommending that all Authy users upgrade to the latest version of the app.
While the extent of the data breach is still unknown, it is important for all Authy users to take steps to protect themselves. This includes upgrading to the latest version of the app and enabling any additional security features that may be available.
Twilio added: “We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting that all Authy users update to the latest Android and iOS apps for the latest security updates. While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.”
In addition, it is a good practice to review your two-factor authentication settings for all of your online accounts and ensure that they are enabled. Two-factor authentication can add an extra layer of security to your accounts and make it more difficult for hackers to gain access.
If you are concerned that your Authy account may have been compromised, you should contact Twilio support immediately.