If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, confirmed for TechCrunch on Wednesday, hackers hacked into Twilio and obtained the cellphone numbers of 33 million users.
Published by Twilio statement It also confirms that it was hacked on its website. “Twilio discovered that threat actors were able to identify information associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint.” “We have taken measures to ensure this endpoint and no longer allow unverified requests.”
The company added that there is no evidence that hackers accessed Twilio’s systems or sensitive data. But it’s important to update the iOS and Android apps (on whatever device you’re running) to the latest version because they contain new security updates.
Twilio emphasized that Authy accounts were not compromised. However, hackers (and anyone they share data with) “may attempt to use the phone number associated with Authy accounts for phishing and spear-throwing attacks.”
If you’re not familiar with the term, smishing is the text message equivalent of phishing. So if you have an Authy account, be very wary of unexpected texts from trusted sources, especially Authy or Twilio.
Rachel Tobac, social engineering expert and CEO of SocialProof Security TechCrunch what it might look like. “If attackers can list a user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the credibility of a phone number phishing attack,” Tobac said.
“We urge all Authy users to be diligent and aware of the texts they receive,” Twilio said.
