Authy got hacked, and 33 million user phone numbers were stolen


Twilio has updated its iOS Authy two-factor authentication app following a hack that reportedly saw 33 million cellphone numbers being stolen.

Two-factor authentication app Authy has been updated following a hack



Authy is the long-standing two-factor authentication app that is meant to make logging in to services more secure. Most recently, it dropped support for all desktop platforms, including the Mac, in favor of its iPhone and Android apps.

Now Twilio, developer of the app, has confirmed in a blog post that it was hacked, in what it says was a limited way. Without saying how many people were affected, the company says the hack was confined to phone numbers.

"We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data," says the company. "While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving."

Twilio says that the hack used what it describes only as an "unauthenticated endpoint." The company has now stopped allowing such unauthenticated requests, and says it has secured this particular endpoint.

Users should update to the latest version of the iOS app, which is available on the App Store. Twilio further says that users who are unable to access their Authy account should immediately contact its support team.

Although Twilio has not revealed how many users' details were affected, TechCrunch reports that the hackers claim to have stolen 33 million phone numbers.




Comments

  • Reply 1 of 5
    chasm Posts: 3,408 member
    Glad I never signed up for it!
  • Reply 2 of 5
    Let me use this opportunity to recommend the excellent 1Password app which not only is unhackable but it's fully cross platform, even on Linux.

    It's by far the best and safest password and 2FA codes manager.

    You can store anything in 1Password, even documents and they will be fully encrypted and 1000% safe.
  • Reply 3 of 5
    6toecat Posts: 52 member
    I tried it, but quickly switched to the Yubico authenticator app as I felt Authy had serious security risks. 

    Authy really needs to fix their issues.
  • Reply 4 of 5
    So 2FA was supposed to make everything more secure but brings its own risks. What a surprise.
  • Reply 5 of 5
    chasm Posts: 3,408 member
    "So 2FA was supposed to make everything more secure but brings its own risks. What a surprise."
    No. You have this completely wrong.

    2FA isn't the problem here in any way, shape, or form.

    Authy's bad practices of storing user data in a manner that can be read by hackers is 100 percent the issue. The US and other countries need laws (if they don't already exist) that NO user data can EVER be stored in an unencrypted format.