Twilio Recommends Updating Its Authy App After Confirming Users’ Phone Numbers Were Stolen in a Cyberattack

Twilio, the mobile operator that owns the Authy two-factor authentication (2FA) app, has recommended updating the service after identifying a flaw that allowed a group of malicious parties to obtain user data, including their phone numbers. Authy is an app that offers a security service that allows you to add a layer of protection beyond passwords thanks to multi-factor authentication. Thus, users can use this “app” to access other services using an SMS code, without having to use a password. The parent company of this app, Twilio, announced that it had identified suspicious activity and confirmed that this cyberattack led to the theft of data associated with Authy users’ accounts, as explained in a statement. This information, which cybercriminals could have accessed, includes users’ phone numbers, which could have been discovered thanks to an “unauthenticated endpoint”. However, Twilio confirmed that it had already taken protective measures and that it no longer allows requests without the corresponding authentication. The company also confirmed the attack to TechCrunch, which noted that a hacker group known as ShinyHunters claimed responsibility for the attack last week in a post on a hacking forum — which it did not share — in which it noted that they had obtained the phone numbers of 33 million users. In that vein, Twilio also explained that they had found no evidence that malicious actors had accessed the company’s systems or other confidential data. With all that said, the tech company stressed that, as a precaution, it recommends that users with an Authy account update their apps on both Android and iOS devices to the latest version, to get the latest security updates. Twilio warned that this is necessary because while Authy accounts are not compromised, cybercriminals could try to use the associated phone number to carry out “phishing” and “smishing” attacks. The company added: “We encourage all Authy users to be diligent and be more aware of the text messages they receive.” Finally, they reiterated that the security of their systems is an “important part” of maintaining user trust.