33 Million Phone Numbers Exposed in Major Authy Data Breach
Authy, a popular two-factor authentication (2FA) app owned by Twilio, suffered a data breach this week, exposing the phone numbers of 33 million users. Twilio says no other user data was compromised, but the breach highlights the importance of strong security practices.
How it happened:
- The breach was caused by an "unauthenticated endpoint" in Authy's system: it responded to requests without verifying the caller's identity, which let attackers access phone numbers.
- Twilio has confirmed that passwords, two-factor authentication seeds, and other account details were not compromised.
What to do:
- Update the Authy app: Download the latest version immediately (Android v25.1.0 or later, iOS v26.1.0 or later).
- Be cautious: Watch out for phishing and smishing (SMS phishing) scams, in which attackers impersonate legitimate companies to steal your information.
- Consider alternatives: Explore using a hardware key for 2FA or switching to a different app like Google Authenticator for added security.
Twilio's response:
Twilio has acknowledged the breach and taken steps to secure its systems. They have encouraged users to update the Authy app and be vigilant against potential scams.
The takeaway:
This breach underscores the need for robust security measures, even for popular and trusted apps. Be sure to update your apps regularly, be wary of suspicious communications, and consider using alternative methods for 2FA.