An unauthenticated endpoint in Authy was exploited by unidentified threat actors, as disclosed by cloud communications provider Twilio. This led to the exposure of data linked with Authy accounts such as users’ mobile numbers.
Steps were taken by the company to secure the endpoint, rendering it incapable of receiving unauthenticated requests.
Days after an online persona known as ShinyHunters released a database containing 33 million phone numbers reportedly obtained from Authy accounts on BreachForums, the development has emerged.
A well-known 2FA application, Authy has been under Twilio’s ownership since 2015 and is widely used for enhancing account security.
July 1, 2024
According to a security alert on July 1, 2024, there is no indication that the threat actors were able to access Twilio’s systems or any confidential information.
To err on the side of caution, it suggests that users update their Android apps to version 25.1.0 or later and iOS apps to version 26.1 .0 or later as a precautionary measure’.
The warning also stated that the individuals behind the threat may try to employ phishing and smishing tactics using phone numbers linked with Authy accounts.
It was mentioned that all Authy users should remain vigilant and be more alert about the messages they are receiving.
Woow , good to get this information
Nice
Valid information 👍🏻
Thanks
Thank you
Thank you for this information
I will always have it in mind
This is wonderful. Thanks for the info
This is really awesome
Thanks for the info
Thanks for the info
This information is so good
Thanks for the info
What an amazing info there.
Thank you for this information.
Valid information 💯 Thanks 👍🏻
This is wonderful
Thanks for the vital information
This is a good info , thankyou for sharing.
Detailed info thanks
This information is so nice thanks for sharing