Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers

Share via:


Twilio says someone has obtained phone numbers associated with its two-factor authentication service (2FA), Authy, as reported earlier by TechCrunch. In a security alert on Monday, Twilio warns that the “threat actors” may try to use the stolen phone numbers to carry out phishing attacks and other scams.

The incident follows a 2022 data breach that occurred after a phishing campaign tricked employees into disclosing their login credentials. The attackers accessed data from 163 Twilio accounts and managed to access and register additional devices on 93 Authy accounts.

Twilio traced this leak back to “an unauthenticated endpoint” that it has since secured. Last week, the threat actor ShinyHunters published a list of 33 million phone numbers from Authy accounts on the dark web. As pointed out by BleepingComputer, the threat actor seems to have obtained the information by inputting a massive list of phone numbers into Authy’s unsecured API endpoint, which would then verify whether they’re associated with the app.

“We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving,” Twilio writes. It adds that it “has seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data” and that Authy accounts weren’t compromised. Twilio is advising users to update their Authy apps on Android and iOS (the Authy desktop app has been discontinued).



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers


Twilio says someone has obtained phone numbers associated with its two-factor authentication service (2FA), Authy, as reported earlier by TechCrunch. In a security alert on Monday, Twilio warns that the “threat actors” may try to use the stolen phone numbers to carry out phishing attacks and other scams.

The incident follows a 2022 data breach that occurred after a phishing campaign tricked employees into disclosing their login credentials. The attackers accessed data from 163 Twilio accounts and managed to access and register additional devices on 93 Authy accounts.

Twilio traced this leak back to “an unauthenticated endpoint” that it has since secured. Last week, the threat actor ShinyHunters published a list of 33 million phone numbers from Authy accounts on the dark web. As pointed out by BleepingComputer, the threat actor seems to have obtained the information by inputting a massive list of phone numbers into Authy’s unsecured API endpoint, which would then verify whether they’re associated with the app.

“We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving,” Twilio writes. It adds that it “has seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data” and that Authy accounts weren’t compromised. Twilio is advising users to update their Authy apps on Android and iOS (the Authy desktop app has been discontinued).



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

New-Age Tech Stocks Slide Amid Volatility In Broader Market

The downward streak of the Indian equities market...

How OpiGo Is Giving Retail Investors A Shield Against...

SUMMARY OpiGo is a tech platform that provides stock...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!