Two-factor authentication app Authy has been updated following a hack
Twilio has updated its iOS Authy two-factor authentication app following a hack that reportedly saw 33 million cellphone numbers being stolen.
Now Twilio, developer of the app, has confirmed in a blog post that it was hacked, in what it says was a limited way. Without saying how many people were affected, the company says the hack was confined to phone numbers.
“We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” says the company. “While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.”
Twilio says that the hack used what it describes only as an “unauthenticated endpoint.” The company has now stopped allowing such unauthenticated requests, and says it has secured this particular endpoint.
