Two-factor authentication (2FA) is a proven way to add another link to your online security chain. Unfortunately, these providers are not immune to computer breaches. Authy, a solution developed by Twilio, learned this the hard way after a massive data leak.
33 million phone numbers in the wild
Othi that it Two-factor authentication mobile app Available on both iOS and Android. However, just because it aims to improve the security of its users, doesn’t mean the app itself is foolproof.
So, on July 1, Twiliothe app publisher, has advertisement It has been Victim of a major security breach.
“Twilio discovered a data leak associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken steps to secure this access point and are no longer allowing unauthenticated requests.”
According to the announcement, the attacker was not able to access critical Authy systems or more sensitive user data.
Twilio teams encourage users to perform the latest app update in order to secure their access.
Overall, it seems that up to 33 million phone numbers may have been hackedAlthough this does not directly affect user security, users can be targeted with large phishing campaigns.
As a reminder, during the attack Phishing, The attacker will impersonate a third-party entity.The goal is to contact the victim by pretending to be this entity. The attacker will then take advantage of their victim's inattention to try to extort money from them.
In the cryptocurrency ecosystem, this type of attack is unfortunately common. In March alone, $71 million was stolen from cryptocurrency users via phishing attacks.