Twilio says “threat actors” identified its 2FA app Authy users' phone numbers; last week, ShinyHunters claimed to have stolen 33M phone numbers from Twilio

It's not even about the data breaches - although important, Authy also sends data about which websites you're logging into. … X: Matthew Green / @matthew_d_green : The first rule of data breaches: if it exists in a database on the Internet, it will be stolen. The second rule of data breaches: the service that lost your data will be incredibly vague about exactly what the hackers took, because it's way worse than you imagine. @bleepincomputer : Twilio says that the API endpoint has now been secured and has released new versions of the Authy app. @bleepincomputer : An unauthenticated Authy API endpoint allowed threat actors to feed a massive list of phone numbers to the endpoint and verify if they are registered with the MFA platform. The threat actors claimed to verify over 33 million phone numbers (unconfirmed) used with Authy. Lorenzo Franceschi-Bicchierai / @lorenzofb : NEW: Hackers say they stole 33 million cell phone numbers of users of two-factor app Authy. Twilio (owner of Authy) confirmed “threat actors were able to identify” phone numbers, but didn't say how many. The risk is better tailored phishing attacks. https://techcrunch.com/... LinkedIn: Mirko Ross : 👻 Two-Factor-Authentifaction #2FA was yesterday... now we are moving into the decade of Three-Factor-Authentication #3FA to secure our access to applications... … Forums: Hacker News : Authy got hacked, and 33M user phone numbers were stolen r/plutus : Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers r/technews : Twilio says hackers identified cell phone numbers of two-factor app Authy users r/Bitwarden : Hackers exploit Authy API, accessing possibly 30 millions of phone numbers (and device_lock, device_count). Twilio takes action to secure endpoint. … r/cybersecurity : Twilio says hackers identified cell phone numbers of two-factor app Authy users | TechCrunch MacRumors Forums : Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers

TechCrunch 2024-07-05 Lorenzo Franceschi-Bicchierai

Discussion

@rstephens Robert Stephens on threads
Switch to passkeys wherever you can
@matthew_d_green Matthew Green on x
The first rule of data breaches: if it exists in a database on the Internet, it will be stolen. The second rule of data breaches: the service that lost your data will be incredibly vague about exactly what the hackers took, because it's way worse than you imagine.
@bleepincomputer @bleepincomputer on x
Twilio says that the API endpoint has now been secured and has released new versions of the Authy app.
@bleepincomputer @bleepincomputer on x
An unauthenticated Authy API endpoint allowed threat actors to feed a massive list of phone numbers to the endpoint and verify if they are registered with the MFA platform. The threat actors claimed to verify over 33 million phone numbers (unconfirmed) used with Authy.
@lorenzofb Lorenzo Franceschi-Bicchierai on x
NEW: Hackers say they stole 33 million cell phone numbers of users of two-factor app Authy. Twilio (owner of Authy) confirmed “threat actors were able to identify” phone numbers, but didn't say how many. The risk is better tailored phishing attacks. https://techcrunch.com/...
r/plutus r on reddit
Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers
r/technews r on reddit
Twilio says hackers identified cell phone numbers of two-factor app Authy users
r/Bitwarden r on reddit
Hackers exploit Authy API, accessing possibly 30 millions of phone numbers (and device_lock, device_count). Twilio takes action to secure endpoint. …
r/cybersecurity r on reddit
Twilio says hackers identified cell phone numbers of two-factor app Authy users | TechCrunch

Chronicles

Twilio says “threat actors” identified its 2FA app Authy users' phone numbers; last week, ShinyHunters claimed to have stolen 33M phone numbers from Twilio

Related Coverage

Discussion