33 million phone numbers exposed in major Authy data breach

Authy was acquired by American cloud communications company Twilio in 2015 (Source: Twilio)

Authy, a 2FA app owned by Twilio, was affected by a data breach earlier this week. A total of 33 million phone numbers were exposed. Twilio confirmed that no other user data was compromised, with the Authy app since receiving a new security-centric update.

Anubhav Sharma, Published 07/05/2024 🇫🇷 🇪🇸 ...

Security Software

Authy is a popular third-party two-factor authenticator app that was acquired by Twilio (a San-Francisco based cloud communications company) in 2015. On 1st July 2024, Twilio confirmed in a blog post that customer phone numbers were leaked in a data breach associated with Authy. As per the post, the breach was caused by an "unauthenticated endpoint" that allowed attackers to identify phone numbers. An unauthenticated endpoint, for example, would be like a back door to a secure building that anyone could walk through without a authentication key. Twilio further assured its users that no passwords, two-factor authentication seeds, or other account details were compromised.

Twilio has encouraged users to update the Authy app urgently for security reasons (Source: Twilio)

As of now, existing Authy users should be extra vigilant against potential phishing and smishing scams. These scams often involve attackers sending text messages or making calls impersonating legitimate companies in an attempt to steal login credentials or other sensitive information. While Twilio's blog post did not specify exactly how many accounts got affected, TechCrunch states that 33 million phone numbers were stolen. Reportedly, the hacker(s) ShinyHunters claimed responsibility for the attack on a hacking forum.

Twilio has also asked Authy users to promptly update the app (Android v25.1.0 or later, iOS v26.1.0 or later). Additionally, users are encouraged to be wary of unsolicited texts or calls requesting login information. For an extra layer of security, users can consider using a hardware key for two-factor authentication, or switch to a different app altogether, like Google Authenticator.

Source(s)

Twilio via TechCrunch

Image source: Claudio Schwarz on Unsplash

Extreme data breach may affect over 2 billion people 08/15/2024

The Sinkclose vulnerability affects AMD processors dating back to 2006. (Image source: Krzysztof Hepner via Unsplash)

'Sinkclose' vulnerability discovered in post-2006 AMD chips could pose a critical threat to data security 08/11/2024

WazirX states that valuation of crypto assets is based on the time when trading was paused, which was 21st July 2024, 8:30 PM IST. (Source: WazirX)

WazirX exchange implements a two-tiered recovery plan for users following $230 million crypto theft 07/27/2024

To fix the problem, all you had to do was delete the file C-00000291*.sys in the folder C: Windows\System32\drivers\CrowdStrike. (Image source: CrowdStrike / Pixabay)

Elon Musk bans CrowdStrike from his companies 07/22/2024

Many self-service machines across Woolworths supermarkets in Australia are non-operational. (Source: @archiestaines9 on X)

Global tech outage linked to a CrowdStrike Windows content update grounds flights, disrupts businesses worldwide 07/19/2024

WazirX saw trading volume worth around 1 billion in USDT till 30th November 2023. (Source: WazirX)

$230 Million (₹1,924.41 Crore) vanish from Indian crypto exchange WazirX in suspected North Korean hack 07/19/2024

MarineMax's data was stolen between March 1 and 10 this year (Source: Bleeping Computer)

Over 123,000 users' data exposed in MarineMax data breach with Rhysida claiming responsibility 07/17/2024

Google Mandiant confirmed the cyberattack made use of an info stealer (Image source: Generated with DALL-E)

Massive AT&T security breach exposes large amounts of customer data 07/16/2024

Add IPsec tunnel page in NethSecurity 8 (Image source: NethServer Community)

NethSecurity 8.1 now available with a new connection tracking interface and user account manager 07/09/2024

Airtel accused of data breach (Source: Airtel)

Airtel denies allegations of data breach impacting 375 million customers 07/05/2024

It is not yet clear how many devices are affected by the data protection problem. (Source: Mark Wilkinson/Getty Images)

Possible data protection breaches at Apple: Deleted photos reappear on sold devices 05/20/2024

A screenshot from a dark web site taken by ThreatMon claims that ransomware group Mogilevich has stolen nearly 200 GB of data from Epic Games. (Image source: ThreatMon on X)

Epic Games data breach allegedly exposes 189 GB of customer data, source code — company denies claims 02/28/2024

A recent dump of breached accounts included 12 TB of data. (Images: stock photos w/ edits)

"Mother of all Breaches:" Massive data leak includes 12 TB of hacked info across billions of accounts 01/23/2024

Almost 7 million 23andMe users were affected in a recent data breach. (Image via 23andMe w/ edits)

Genetic testing company 23andMe discloses security breach affecting 6.9 million users 12/06/2023

Loading Comments

Comment on this article

Tesla Model 3 guardrail crash test ...

New Samsung Galaxy Z Flip6 and Gala...

Anubhav Sharma - Tech Writer - 782 articles published on Notebookcheck since 2024

Fueled by a childhood spent taking apart video game consoles to see how they worked, I turned my passion for tech into writing. I have a double Bachelor's in Computer Science Engineering (2018) and English (2024). I've been writing on a variety of tech topics since 2016, with a particular interest in gaming. When I'm not hunting down the latest tech news, you'll find me producing music, gaming, or hiking.

contact me via: @lottamuzic, LinkedIn

Please share our article, every link counts!