Notebookcheck Logo

33 million phone numbers exposed in major Authy data breach

Authy was acquired by American cloud communications company Twilio in 2015 (Source: Twilio)
Authy was acquired by American cloud communications company Twilio in 2015 (Source: Twilio)
Authy, a 2FA app owned by Twilio, was affected by a data breach earlier this week. A total of 33 million phone numbers were exposed. Twilio confirmed that no other user data was compromised, with the Authy app since receiving a new security-centric update.

Authy is a popular third-party two-factor authenticator app that was acquired by Twilio (a San-Francisco based cloud communications company) in 2015. On 1st July 2024, Twilio confirmed in a blog post that customer phone numbers were leaked in a data breach associated with Authy. As per the post, the breach was caused by an "unauthenticated endpoint" that allowed attackers to identify phone numbers. An unauthenticated endpoint, for example, would be like a back door to a secure building that anyone could walk through without a authentication key. Twilio further assured its users that no passwords, two-factor authentication seeds, or other account details were compromised.

Twilio has encouraged users to update the Authy app urgently for security reasons (Source: Twilio)
Twilio has encouraged users to update the Authy app urgently for security reasons (Source: Twilio)

As of now, existing Authy users should be extra vigilant against potential phishing and smishing scams. These scams often involve attackers sending text messages or making calls impersonating legitimate companies in an attempt to steal login credentials or other sensitive information. While Twilio's blog post did not specify exactly how many accounts got affected, TechCrunch states that 33 million phone numbers were stolen. Reportedly, the hacker(s) ShinyHunters claimed responsibility for the attack on a hacking forum.

Twilio has also asked Authy users to promptly update the app (Android v25.1.0 or later, iOS v26.1.0 or later). Additionally, users are encouraged to be wary of unsolicited texts or calls requesting login information. For an extra layer of security, users can consider using a hardware key for two-factor authentication, or switch to a different app altogether, like Google Authenticator.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2024 07 > 33 million phone numbers exposed in major Authy data breach
Anubhav Sharma, 2024-07- 5 (Update: 2024-07- 5)