Twilio hack leaves Authy users exposed to text-messaging scams

If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, confirmed to TechCrunch on Wednesday that hackers breached Twilio and acquired mobile phone numbers for 33 million users.

Twilio published a statement on its website also confirming the hack. “Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint,” the statement reads. “We have taken action to secure this endpoint and no longer allow unauthenticated requests.”

The company added that there was no evidence that the hackers accessed Twilio’s systems or sensitive data. But updating to the latest version of the iOS and Android apps (on any devices you’re running) is critical as they include new security updates.

Twilio stressed that Authy accounts weren’t compromised. However, the hackers (and anyone they share the data with) could “try to use the phone number associated with Authy accounts for phishing and smishing attacks.”

If you aren’t familiar with the term, smishing is the text-message equivalent of phishing. So, if you have an Authy account, be extra cautious about any unexpected texts that appear to come from trusted sources, especially Authy or Twilio.

Rachel Tobac, a social engineering expert and CEO of SocialProof Security, illustrated to TechCrunch what that may look like. “If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number,” Tobac said.

“We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving,” Twilio stressed.

This article originally appeared on Engadget at https://www.engadget.com/twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams-165156650.html?src=rss
Created Jul 3, 2024, 5:30:27 PM

