Security News > 2024 > July > Twilio's Authy App Attack Exposes Millions of Phone Numbers

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers.

The development comes days after an online persona named ShinyHunters published on BreachForums a database comprising 33 million phone numbers allegedly pulled from Authy accounts.

Authy, owned by Twilio since 2015, is a popular two-factor authentication app that adds an additional layer of account security.

It also cautioned that the threat actors may attempt to use the phone number associated with Authy accounts for phishing and smishing attacks.

"We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving," it noted.

Struggling to focus on high impact risks? Discover the attack techniques attackers are leveraging to form attack paths to your critical assets.

News URL

https://thehackernews.com/2024/07/twilios-authy-app-breach-exposes.html