If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, confirmed to TechCrunch on Wednesday that hackers breached Twilio and obtained cell phone numbers for 33 million customers.
Twilio published a press release on its website also confirming the hack. “Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint,” the statement reads. “We have taken action to secure this endpoint and no longer allow unauthenticated requests.”
The company added that there was no evidence that the hackers accessed Twilio’s systems or sensitive data. However, updating to the latest version of the iOS and Android apps (on any devices you’re running) is essential, as they include new security updates.
Twilio stressed that Authy accounts weren’t compromised. However, the hackers (and anyone they share the data with) might “try to use the phone number associated with Authy accounts for phishing and smishing attacks.”
If you aren’t familiar with the term, smishing is the text-message equivalent of phishing. So, if you have an Authy account, be extra cautious about any unexpected texts that appear to come from trusted sources, especially Authy or Twilio.
Rachel Tobac, a social engineering expert and CEO of SocialProof Security, illustrated to TechCrunch what that might look like. “If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number,” Tobac said.
“We encourage all Authy users to stay diligent and have heightened awareness around the texts they’re receiving,” Twilio stressed.