Business
Twilio says hackers identified cell phone numbers of two-factor app Authy users
Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. On Tuesday, Twilio confirmed to TechCrunch that “threat actors” were able to identify the phone number of people who use Authy, a popular two-factor authentication app owned by Twilio.
In a post on a well-known hacking forum, the hacker or hackers known as ShinyHunters wrote that they hacked Twilio and obtained the cell phone numbers of 33 million users.
Twilio spokesperson Kari Ramirez told TechCrunch that the company “has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.”
“We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks,” Ramirez wrote in an email.
Twilio also published an alert on its official website on Monday, including the same statement.
While obtaining a list of phone numbers — on its own — may not appear to be the most dangerous of data breaches, it could still pose a threat to the owners of those numbers.
“If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number,” Rachel Tobac, an expert in social engineering and CEO of SocialProof Security, told TechCrunch.
Tobac explained that now hackers can specifically target people who they know are Authy users, giving the attackers a chance to make it look like their malicious messages really come from Authy and Twilio.
In 2022, Twilio suffered a larger data breach, when a group of hackers accessed the data of more than 100 company customers. Armed with that information, the hackers then launched a wide-ranging phishing campaign which resulted in the theft of around 10,000 employee credentials from at least 130 businesses. As part of that breach at the time, Twilio said hackers successfully targeted 93 individual Authy users and were able to register additional devices on those victims’ Authy accounts, allowing them to effectively steal real two-factor codes.
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
Earth’s mini moon could be a chunk of the big moon, scientists say
The space station is leaking. Why it hasn’t imperiled the mission.
‘Interior Chinatown’ review: A very ambitious, very meta police procedural spoof
‘Venom: The Last Dance’ review: Half a great, stupid movie
‘Here’ review: Robert Zemeckis, Tom Hanks, and Robin Wright reunite
The 34 greatest Australian horror films (and where to watch them)
Monday Night Football’s onside-kick rule confusion showed how Google can spread misinformation online
Menendez brothers case reignites online: The questions that keep resurfacing
When do Black Friday sales start? What to expect from Walmart, Greatest Buy, and more
How to watch the 2024-2025 NBA season without cable: The greatest streaming deals
Election 2024: The truth about voting machine security
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
Earth’s mini moon could be a chunk of the big moon, scientists say
The space station is leaking. Why it hasn’t imperiled the mission.
‘Interior Chinatown’ review: A very ambitious, very meta police procedural spoof
-
Entertainment6 days ago‘Interior Chinatown’ review: A very ambitious, very meta police procedural spoof
-
Entertainment5 days agoEarth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment6 days agoX users are fleeing to BlueSky: Here’s a quick-start guide on how to sign up
-
Entertainment6 days ago6 gadgets to help keep your home clean, from robot vacuums to electric scrubbers
-
Entertainment5 days agoThe space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment4 days ago‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment3 days agoBlack Friday 2024: The greatest early deals in Australia – live now
-
Entertainment2 days agoHow to watch ‘Smile 2’ at home: When is it streaming?
