Security News

Twilio kills off Authy for desktop, forcibly logs out all users
2024-08-01 21:06

Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. [...]

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
2024-07-24 05:56

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The...

Twilio's Authy App Attack Exposes Millions of Phone Numbers
2024-07-04 03:37

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The development comes days after an online persona named ShinyHunters published on BreachForums a database comprising 33 million phone numbers allegedly pulled from Authy accounts.

Twilio will ditch its Authy desktop 2FA app in August, goes mobile only
2024-01-08 18:07

The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication app. "We made this difficult decision to sunset the Twilio Authy desktop apps in order to streamline our focus and provide more value on existing product solutions for which we see increasing demand," explains Twilion in a new support document.

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack
2022-10-29 10:25

Communication services provider Twilio this week disclosed that it experienced another "Brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. "In the June incident, a Twilio employee was socially engineered through voice phishing to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers," Twilio said.

Twilio discloses another hack from June, blames voice phishing
2022-10-27 16:59

Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information. The attacker used social engineering to trick an employee into handing over their credentials in a voice phishing attack.

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users
2022-08-29 07:07

Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts.

Okta one-time MFA passcodes exposed in Twilio cyberattack
2022-08-28 17:15

The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

Twilio breach let hackers see Okta's one-time MFA passwords
2022-08-28 17:15

The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

DoorDash discloses new data breach tied to Twilio hackers
2022-08-26 19:30

Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio. DoorDash previously suffered a data breach in 2019 that exposed the data of nearly 5 million customers.