Twilio Says Hackers Identified Cell Phone Numbers of Two-Factor App Authy Users

Twilio, a major U.S. messaging company, has confirmed that unauthorized actors had identified phone numbers associated with users of its Authy two-factor authentication app. The disclosure comes after a hacker claimed last week to have obtained 33 million phone numbers from Twilio. A Twilio spokesperson told TechCrunch that the company had detected an unauthenticated endpoint allowing access to Authy account data, including phone numbers. The endpoint has since been secured.

spammer paradise

[awwshit]

Twilio is a shithole spammer paradise. Fuck those guys. Twilio does more for nefarious activity than anything else.

https://tcpaworld.com/2024/05/... [tcpaworld.com]

Re:

[Koen Lefever]

LinkedIn

Oh, the company that exposed 167 million accounts and only reported it four years later [troyhunt.com].

Re:

[awwshit]

Yes, it is a shit show all around.

How nice!!

[oldgraybeard]

"The endpoint has since been secured."

That's not how you do 2FA

[Mononymous]

2FA doesn't need a phone number.

Re:

[marcobat]

That's right, it doesn't. According to the article they collected the info and then stored it somewhere accessible without any authentication.

Face-Palm icon to be inserted here

Re: That's not how you do 2FA

[TuballoyThunder]

I think Authy uses your phone number to backup and restore your 2FA keys

So glad I left three months ago

[The Faywood Assassin]

I left this app and reset all my 2fa three months ago now. Mainly because they shut down the desktop app, leaving me with no backup device.

I'm so glad I moved to better 2fa apps now.

Re:

[The_Noid]

Would you mind sharing which ones you tried and which one you settled on in the end? I think quite a few people may be looking for alternatives now, and someone sharing their experience may save them a lot of time.