If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, confirmed to TechCrunch on Wednesday that hackers breached Twilio and acquired mobile phone numbers for 33 million users.
Twilio published a statement on its website also confirming the hack. “Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint,” the statement reads. “We have taken action to secure this endpoint and no longer allow unauthenticated requests.”
The company added that there was no evidence that the hackers accessed Twilio’s systems or sensitive data. But updating to the latest version of the iOS and Android apps (on any devices you’re running) is critical as they include new security updates.
Twilio stressed that Authy accounts weren’t compromised. However, the hackers (and anyone they share the data with) could “try to use the phone number associated with Authy accounts for phishing and smishing attacks.”
If you aren’t familiar with the term, smishing is the text-message equivalent of phishing. So, if you have an Authy account, be extra cautious about any unexpected texts that appear to come from trusted sources, especially Authy or Twilio.
Rachel Tobac, a social engineering expert and CEO of SocialProof Security, illustrated to TechCrunch what that may look like. “If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number,” Tobac said.
“We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving,” Twilio stressed.
This article originally appeared on Engadget at https://www.engadget.com/twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams-165156650.html?src=rss https://www.engadget.com/twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams-165156650.html?src=rssAccedi per aggiungere un commento
Altri post in questo gruppo
Don’t look down. Don’t look down. Don’t look down.
Waves the size of skyscrapers explode beneath me as I creep across a busted metal beam in the middle of the North Sea, suspended a
Epic says that Apple has once again rejected its submission for a third-party app store, according to a seri
Amazon Prime Day 2024 is less than two weeks away, but we’re already seeing a handful of decent early de
Amazon changed the face of retail over the last 20 years but has failed miserably to make inroads in the luxury goods market. Now, it's trying something new. The online retailer has purchased a sma
YouTube is trying to make it easy for its creators to remove songs from the
