If you are one of the 33 million users of Authy, it is crucial that you update your app immediately. Twilio, the company that owns Authy, recently confirmed that hackers were able to breach their systems and obtain mobile phone numbers associated with Authy accounts. This was possible due to an unauthenticated endpoint that allowed threat actors to access this data.
While Twilio has stated that there is no evidence of the hackers accessing sensitive data or their systems, it is still recommended that users update their iOS and Android apps to the latest versions. These updates contain new security measures that can help protect against any potential risks.
It’s important to note that Authy accounts themselves were not compromised in this breach. However, there is a risk that the hackers could use the acquired phone numbers to launch phishing and smishing attacks. Smishing is a form of phishing that occurs through text messages, making it crucial for users to be cautious of any unexpected texts, especially if they appear to be from trusted sources like Authy or Twilio.
Rachel Tobac, a social engineering expert and CEO of SocialProof Security, emphasized the importance of staying vigilant. Attackers could potentially use the acquired phone numbers to impersonate Authy or Twilio in phishing attempts, making it easier to deceive users. Twilio has also urged all Authy users to be cautious of any suspicious texts they may receive and to exercise heightened awareness.
In light of this security breach, it is essential for Authy users to take the necessary precautions to protect their accounts and personal information. By staying informed, updating their apps, and being cautious of any unusual texts, users can reduce the risk of falling victim to potential scams. Remember, it’s better to be safe than sorry when it comes to protecting your online accounts and personal data.
