Editor-DN
Owned by cloud communications provider Twilio. revealed that unknown threat actors exploited an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users’ cell phone numbers;
The company said it has taken steps to secure the endpoint to no longer accept unauthorized requests.
The development comes days after an online personality named Shiny Hunters was published. Infringement forums A database of 33 million phone numbers has reportedly been extracted from Authy accounts.
Authy, owned by Twilio since 2015, is a popular two-factor authentication (2FA) app that adds an extra layer of account security.
“We have seen no evidence that threat actors accessed Twilio’s systems or other sensitive data,” it said in a security alert dated July 1, 2024.
But out of an abundance of caution, it’s recommending that users upgrade theirs. Android (version 25.1.0 or later) and iOS (Version 26.1.0 or higher) Apps for the latest version.
It also warns that threat actors may try to use phone numbers associated with Authy accounts for phishing and smashing attacks.
“We encourage all Authy users to be diligent and be aware of the texts they receive,” he noted.
