Twilio has announced an update to its iOS Authy two-factor authentication app following a security breach in which 33 million phone numbers were reportedly stolen.
Authy, a widely-used two-factor authentication app, is designed to enhance the security of logging into services. Recently, it ceased support for all desktop platforms, including Mac, to focus solely on its iPhone and Android apps.
In a blog post, Twilio confirmed the hack, describing it as limited in scope. The company did not disclose the number of affected users but stated that only phone numbers were compromised.
"There is no evidence that the attackers accessed Twilio's systems or other sensitive data," the company stated. "Although Authy accounts remain secure, the attackers may use the stolen phone numbers for phishing and smishing attempts. We urge all Authy users to be extra cautious about the texts they receive."
The breach exploited an "unauthenticated endpoint," which Twilio has since secured and blocked from further unauthorized access. Users are advised to update to the latest version of the iOS app, available on the App Store. Those unable to access their Authy accounts should contact Twilio's support team immediately.
While Twilio has not confirmed the number of affected users, TechCrunch reports that the attackers claim to have obtained 33 million phone numbers.
Source: Authy got hacked, and 33 million user phone numbers were stolen
Authy, a widely-used two-factor authentication app, is designed to enhance the security of logging into services. Recently, it ceased support for all desktop platforms, including Mac, to focus solely on its iPhone and Android apps.
In a blog post, Twilio confirmed the hack, describing it as limited in scope. The company did not disclose the number of affected users but stated that only phone numbers were compromised.
"There is no evidence that the attackers accessed Twilio's systems or other sensitive data," the company stated. "Although Authy accounts remain secure, the attackers may use the stolen phone numbers for phishing and smishing attempts. We urge all Authy users to be extra cautious about the texts they receive."
The breach exploited an "unauthenticated endpoint," which Twilio has since secured and blocked from further unauthorized access. Users are advised to update to the latest version of the iOS app, available on the App Store. Those unable to access their Authy accounts should contact Twilio's support team immediately.
While Twilio has not confirmed the number of affected users, TechCrunch reports that the attackers claim to have obtained 33 million phone numbers.
Source: Authy got hacked, and 33 million user phone numbers were stolen
