What to know

  • Authy, an authentication app used to protect online accounts, was recently hacked, and the phone numbers of 33 million users are suspected to have been compromised.
  • Twilio, the company behind Authy, has since issued an apology and asked users to update their Authy app to the latest version.
  • This comes a week after a hacker group claimed they had stolen 33 million phone numbers from Twilio.

Twilio, the company behind the two-factor authentication app Authy, was recently hacked and the phone numbers of 33 million users were compromised.

Twilio has confirmed in a blog post that “threat actors were able to identify data associated with Authy accounts, including phone numbers”. The company attributed the problem to “an unauthenticated endpoint” and assured users that they “have taken action to secure this endpoint and no longer allow unauthenticated requests.”

Although Twilio didn’t specify how many users were affected, a group of hackers known as ShinyHunters claimed last week that they had stolen 33 million phone numbers from Twilio. It was only after the hackers had already made it public that the company was forced to acknowledge this debacle. Since Twilio withheld the figure to keep the severity of the situation under control, Authy users have no option but to accept the number floating around.

However, Twilio has confirmed that nothing else was compromised: “We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data.” 

Nevertheless, these leaked numbers could precipitate several phishing scams. Threat actors could get an Authy user to give up the codes in their app. When asked for identification, these attackers could recite the user's phone numbers from the list, which could make the user believe they are dealing with Authy support staff.

To prevent this, Twilio has called upon all users to be more vigilant about the texts they receive. The company has also called upon Authy users to update their Authy Android (v25.1.0) and iOS (v26.10) apps to get the latest security updates.