Developer Twilio has updated its Authy two-factor authentication app for iOS on the heels of a hack that reportedly exposed 33 million cellphone numbers.
Two-factor authentication is intended to make logging into websites and apps more secure by requiring the user to furnish a second piece of authentication, which is a code generated by the Authy app. The developer recently dropped support for its desktop apps, including the macOS app, to concentrate on its iPhone and Android apps.
Twilio announced in a blog post that it had been hacked, in “a limited way.” While the developer would not say how many users were affected, it did say the hack was confined to phone numbers.
“We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” said the developer. “While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.”
While Twilio did not specify the number of users affected in the breach, TechCrunch reports that the hackers claim to have stolen 33 million phone numbers.
Twilio says the bad actors used an “unauthenticated endpoint” to pull off the data breach. The company has now ceased allowing such unauthenticated requests (also known as closing the barn door after the horse got out) and says that particular endpoint has been secured.
Users are strongly advised to update their iOS app, which is available here. If you have issues accessing your Authy account, you are advised to contact the developer’s support folks.
(Via AppleInsider)