The American cloud company Twilio revealed that the attack on its authenticator app Authy had compromised the phone numbers of 33 million users.
Hackers have also been able to identify the accounts linked with those phone numbers.
A notorious hacker group called ShinyHunters is believed to be behind the attack
Twilio, an American cloud communications company, revealed that a data breach on Authy has exposed the phone numbers of millions of users.
Authy (owned by Twilio) is a two-factor authentication app that provides an additional layer of security on top of your passwords.
This news comes just a week after the hacker group, ShinyHunters, announced that they were able to steal 33 million Authy phone numbers. Not only that, but some other unspecified data linked to these user accounts have also been exposed.
At the time, it was unknown whether the hackers could match the numbers with the respective accounts.
ShinyHunters is the same group of hackers that stole data of 560 million Ticketmaster customers in June of this year. The 1.3TB of stolen data, which included customers’ phone numbers, names, and addresses, was put up for sale on the dark web for $500,000.
Snowflake, a cloud-storage provider, was also attacked by ShinyHunters, affecting millions of customers.
Cause & Impact of the Breach
The cause of the breach is said to be an unauthorized endpoint. Twilio assured that the endpoint has now been secured and no unauthenticated requests are being allowed at the moment.
Speaking of the impact, it’s important to note that Authy accounts have not been compromised; only phone numbers have been stolen.
Although your accounts are “technically safe,” the stolen phone numbers can be used to carry out various types of social engineering attacks. Hackers might use the stolen contacts to conduct phishing or smishing invasions.
However, on the brighter side, Twilio’s internal system and other sensitive data have not been compromised.
At the time of writing, there’s nothing much users can do apart from being cautious.
Do not click on any suspicious links received via text or email.
Twilio has also requested users to immediately update the Authy app to its latest Android and iOS versions.
Also note: Twilio was last hacked in 2022 when a hacker group tricked its employees into sharing their credentials with the help of voice phishing and then accessed the company’s internal systems.
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechReport – https://techreport.com/news/twilio-authy-breach-compromises-33-million-phone-numbers/