Twilio has updated its iOS Authy two-factor authentication app following a hack in which 33 million cellphone numbers were reportedly stolen.
Authy is the long-standing two-factor authentication app that is meant to make logging in to services more secure. Most recently, it dropped support for all desktop platforms, including the Mac, in favor of its iPhone and Android apps.
Now Twilio, developer of the app, has confirmed in a blog post that it was hacked, in what it says was a limited way. Without saying how many people were affected, the company says the hack was confined to phone numbers.
"We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data," says the company. "While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving."
Twilio says that the hack used what it describes only as an "unauthenticated endpoint." The company has now stopped allowing such unauthenticated requests, and says it has secured this particular endpoint.
Users should update to the latest version of the iOS app, which is available on the App Store. Twilio further says that users who are unable to access their Authy account should immediately contact its support team.
Although Twilio has not revealed how many users' details were affected, TechCrunch reports that the hackers claim to have stolen 33 million phone numbers.
5 Comments
Glad I never signed up for it!
I tried it, but quickly switched to the Yubico authenticator app as I felt Authy had serious security risks.
Authy really needs to fix their issues.
So 2FA was supposed to make everything more secure but brings its own risks. What a surprise.