Using Authy? Beware of impending phishing attempts
Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks.
On July 1, Twilio, the company that develops the Authy MFA mobile app, disclosed that attackers had leveraged one of its unauthenticated API endpoints to compile a list of phone numbers and other data belonging to Authy users.
Company systems were not breached, Twilio said, and Authy accounts have not been compromised, but the company warned that "Threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks."
The list, which apparently holds data of 33 million Authy users, has been offered for sale by ShinyHunters, a threat actor that specializes in breaching companies and stealing their customers' data, then holding it for ransom and/or selling it to the highest bidder on forums and markets frequented by cybercriminals.
The group suggests cross-referencing the Authy list with customer databases stolen from cryptocurrency exchanges Gemini and Nexo, so that the buyers can engage in extremely targeted phishing or SIM swapping to get their hands on users' cryptocurrency stash.
Abusing API endpoints for scraping and validating data is done by both legitimate companies and cybercriminals, as the practice is not technically illegal.
News URL
https://www.helpnetsecurity.com/2024/07/11/using-authy-beware-of-impending-phishing-attempts/