by Tim Hardwick
Twilio has updated its Authy two-factor authentication (2FA) service after a hacker claimed to have retrieved 33 million phone numbers from its user database.
TechCrunch reports that the hacker(s) known as ShinyHunters took to a well-known hacking forum to boast about the theft of 33 million cell phone numbers, achieved by what Twilio described as the use of an "authenticated endpoint."
The U.S. messaging giant confirmed this week that "threat actors" gained access to its servers, resulting in the theft of users' phone numbers, but it did not specify how many were accessed. The company said it had taken action to secure the exploit and prevent similar future unauthenticated requests.
"We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data," said the company in a blog post. "While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving."
As Twilio notes, obtaining a list of phone numbers may not appear in itself to pose a severe security threat. However, attackers could conceivably contact users and claim to be Authy or Twilio representatives in order to get them to reveal personal information as part of a phishing campaign.
Users should update to the latest version of the iOS app, available on the App Store. Twilio also advises users who cannot access their Authy account to contact its support team immediately.
- How to Use Safari's Built-in 2FA Code Generator
At the beginning of the year, Authy announced that it was shutting down its Mac and Linux desktop apps in August 2024, but ended up bringing the date forward. The apps were subsequently killed off in March.
Tag: Two-Factor Authentication
[ 78 comments ]
Popular Stories
Apple Shares Full List of Over 250 New Features and Changes Coming With iOS 18
Wednesday September 11, 2024 7:16 am PDT by Joe Rossignol
Following its iPhone 16 event on Monday, Apple shared a PDF on its website with a list of all new features and changes coming with iOS 18. The list includes many features that were already announced, including Apple Intelligence, new customization options for the Home Screen and Control Center, a redesigned Photos app, several enhancements to the Messages app, a Passwords app, and more....
Read Full Article • 66 comments
First iPhone 16 Carrier Deals Include iPhone 16/16 Pro For Free, $1,000 Off iPhone 16 Pro Max
Monday September 9, 2024 3:18 pm PDT by Mitchel Broussard
Apple today announced the latest lineup of iPhones, including the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max. Pre-orders for these devices begin September 13, and if you plan on ordering from a cellular carrier in the United States, there will be plenty of options for discounts from the major carriers. AT&T is offering the iPhone 16 and iPhone 16 Pro at no cost with...
Read Full Article • 75 comments
Skipping the iPhone 16 Pro? Here's What's Rumored for iPhone 17 Pro
Wednesday September 11, 2024 8:20 am PDT by Joe Rossignol
Will you be skipping the iPhone 16 Pro and waiting another year to upgrade? If so, we already have some iPhone 17 Pro rumors for you. Below, we recap key new features rumored for the iPhone 17 Pro models so far: 24MP front camera for all iPhone 17 models: All four iPhone 17 models will feature an upgraded 24-megapixel front-facing camera, according to Apple supply chain analysts Ming-Chi...
Read Full Article • 144 comments
Apple Discontinues iPhone 15 Pro, iPhone 15 Pro Max and iPhone 13
Monday September 9, 2024 2:09 pm PDT by Juli Clover
With the launch of the new iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max, Apple has discontinued some of its older iPhones. As of today, Apple is no longer selling the iPhone 13, and the iPhone 15 Pro and iPhone 15 Pro Max have been replaced with the iPhone 16 Pro and iPhone 16 Pro Max. The iPhone SE remains as Apple's most affordable device, with the iPhone 14 and iPhone...
Read Full Article • 95 comments
Apple Announces iPhone 16 Pro and iPhone 16 Pro Max with Larger Displays, New Camera Control, and More
Monday September 9, 2024 11:13 am PDT by Hartley Charlton
Apple today announced the iPhone 16 Pro and iPhone 16 Pro Max—its latest flagship smartphones—featuring larger displays, an all-new Camera Control button, and the A18 Pro chip. The iPhone 16 Pro has a 6.3-inch display, while the iPhone 16 Pro Max features a 6.9-inch display—the biggest iPhone display ever. The borders around the display are the thinnest of any Apple device. The...
Read Full Article • 415 comments
Apple Releases New AirPods Pro 2 Firmware With Support for iOS 18 Features
Tuesday September 10, 2024 11:40 am PDT by Juli Clover
Apple today released a new firmware update for the AirPods Pro 2, including both the Lightning and USB-C versions. The firmware has a build number of 7A294, up from 6F8, and it is available for all AirPods Pro 2 users. Apple has been beta testing this update, but it is launching ahead of when iOS 18 becomes available next Monday. There are multiple features that Apple is adding to the...
Read Full Article • 114 comments
Everything Apple Announced at Today's Event in 13 Minutes
Monday September 9, 2024 6:02 pm PDT by Juli Clover
Apple today held the "It's Glowtime" fall event to debut new iPhone 16 models, a new version of the Apple Watch, new AirPods, and more. It took Apple more than an hour and a half to introduce the new devices, but we've recapped everything in a quick 13 minute video for our readers who want a short but detailed overview of what's new. Subscribe to the MacRumors YouTube channel for more videos. ...
Read Full Article • 189 comments
Top Rated Comments
jasonsmith_88
10 weeks ago
Been using Authy for years but I’ve always been suss on the requirement for a phone number, especially as Twilio’s entire business model is SMS.
You should not have to, nor expect to, disclose your phone number in order to use a TOTP generator. My data has already been leaked so many times, so I migrated to 2FAS about a month ago in anticipation of an event like this. Sadly my data was leaked because Authy takes 30 days to delete an account ?
Do not use Authy.
Score: 14 Votes (Like | Disagree)
antiprotest
10 weeks ago
Never even heard of Twilio, should we be concerned? :rolleyes:
Many of the services you have heard of use Twilio. It offers APIs and such. So it's not a name customers will always directly face, but it's there. In this case, Twilio owns Authy.
Score: 10 Votes (Like | Disagree)
JosephAW
10 weeks ago
Never even heard of Twilio, should we be concerned? :rolleyes:
Score: 7 Votes (Like | Disagree)
chucker23n1
10 weeks ago
Many of the services you have heard of use Twilio.
Yep.
For example, lots of companies use Twilio SendGrid for transactional mails (password change confirmations, etc.) or marketing mails (newsletters, etc.). Or they use Twilio itself to send text messages.
Score: 6 Votes (Like | Disagree)
WarmWinterHat
10 weeks ago
Bummer. I liked Twilio's Authy, in part because it synced well between macOS and iOS. But now iCloud Keychain can do this as well, so I might as well migrate to that.I also still use Twilio's SendGrid.
I don't use Authy anymore, but I've always kept my 2FA codes separate from my passwords app. If one got compromised, at least the 2FA sites would still be secure.
Score: 6 Votes (Like | Disagree)
Jackbequickly
10 weeks ago
Things like this happen all the time. Most of the time we never are even informed, even when they get way more than our phone numbers. It is near unavoidable in today's world.
Score: 5 Votes (Like | Disagree)
Read All Comments
'); }
Next Article
Apple to Allow iPad Users in EU to Download Apps From Third-Party App Stores From September 16