Twilio urges users to update Authy apps after hack

The Silicon Valley company said that while accounts were not compromised, threat actors may try to use stolen phone numbers for phishing attacks.

Twilio has asked users of its two-factor authentication app Authy to update to the latest Android or iOS version for security, following a that may have stolen millions of phone numbers.

In an update this week, the US cloud communications and messaging service said it has detected “threat actors” who were able to identify data associated with Authy accounts, including phone numbers, due to an “unauthenticated endpoint”.

“We have taken action to secure this endpoint and no longer allow unauthenticated requests. We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data,” Twilio wrote.

“While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks. We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.”

This comes after a person or group called ShinyHunters published a list of 33m phone numbers from Authy on the dark web last week, according to TechCrunch.

ShinyHunters has been linked to multiple high-profile data breaches since 2020. Earlier this year, it was linked to a similar Ticketmaster hack that may have affected the data of up to 560m people. The threat actor posted on a dark web forum, offering to sell the batch of data it claimed to possess for $500,000.

Based in San Francisco, Twilio provides cloud-based communication tools to companies looking to engage with their customers more efficiently. It was founded in 2008 and reported a revenue of $4.15bn last year.

In February last year, the company announced it was laying off 17pc of its global workforce in a bid to restructure its business and increase profits. This came five months after Twilio first announced a round of job cuts in September 2022, when it said it would downsize its then global headcount of 8,000 by 11pc.

You might also like
Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More