Recent revelations about the Twilio Authy data breach have once again thrust the firm into the spotlight of cybersecurity concerns. Following a major data breach in 2022 affecting numerous customers, the company faced a new challenge last week. Hackers, operating under the alias ShinyHunters, claimed to have accessed data from millions of Twilio users, including users of its widely-used Authy two-factor authentication app.
In 2022, the company experienced a bigger breach when hackers accessed data from over 100 Twilio customers. This breach led to a phishing campaign that resulted in the theft of approximately 10,000 employee credentials across 130 companies. During this incident, hackers targeted 93 individual Authy users, registering additional devices on those users’ accounts and stealing real two-factor codes. So, will the Twilio Authy data breach have similar consequences? Let’s understand the situation better first.
Twilio Authy data breach: What happened?
Last week, the cybersecurity landscape was shaken by the news that hackers, operating under the alias ShinyHunters, claimed to have stolen 33 million phone numbers from Twilio, a prominent U.S. messaging service. This breach was particularly concerning as it involved users of Authy, a widely-used two-factor authentication (2FA) app owned by Twilio.
On a popular hacking forum, ShinyHunters announced their successful hack of Twilio, claiming to have obtained the phone numbers of 33 million users. This claim was validated when Twilio confirmed the breach to TechCrunch, admitting that “threat actors” had accessed data associated with Authy accounts through an unauthenticated endpoint.
“Has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.”
We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks,”
-Twilio spokesperson Kari Ramirez told TechCrunch
According to Ramirez, the company identified that threat actors had accessed data linked to Authy accounts due to an unsecured endpoint. He also emphasized that there was no evidence indicating that the hackers accessed Twilio’s broader systems or other sensitive data. As a precaution, Twilio advised all Authy users to update their Android and iOS apps to the latest versions, which include important security updates. They also urged users to remain vigilant against potential phishing and smishing attacks.
The official security alert for Twilio Authy data breach
Twilio issued an official security alert on their website, detailing the breach and the measures taken:
Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0)
Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.
We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting that all Authy users update to the latest Android and iOS apps for the latest security updates. While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.
This latest update addresses bug fixes, which include security updates. Please click on the link to download the latest version:
We know the security of our systems is an important part of earning and keeping your trust. We sincerely apologize that this happened. The Twilio Security Incident Response Team will post any updates here if there are any changes. If you have further questions, please reach out to your Technical Account Manager or our Support team.
Notice: If you cannot access your Authy account, we recommend you immediately contact Authy support. One of our specialists will respond to your request and work with you to get your Authy account back up and running again.
Latest data breaches: Roll20 data breach strikes a critical hit
Are we in danger?
While the exposure of phone numbers alone may not seem catastrophic, it can pose significant risks to the owners of those numbers. Hackers could use the stolen phone numbers to impersonate Authy or Twilio, making phishing attacks more convincing. By targeting known Authy users, attackers can craft more believable messages, increasing the likelihood of successful phishing attempts.
What should you do now?
In the wake of the Twilio Authy data breach, where the phone numbers of 33 million users were exposed, it’s crucial to take proactive steps to protect your personal information and mitigate potential risks. Here are key actions to consider:
- Update Authy apps: Ensure you have the latest versions of the Authy app installed on your Android or iOS devices to benefit from security fixes.
- Be vigilant against phishing and smishing: Verify the sender of any messages claiming to be from Authy or Twilio, look for signs of phishing, and avoid sharing sensitive information.
- Enable additional security measures: Use a password manager, enable two-factor authentication (2FA) on all accounts, and choose strong security questions.
- Monitor your accounts: Keep an eye on your bank and credit card statements for unauthorized transactions and consider using credit monitoring services.
- Contact support if necessary: If you suspect your Authy account has been compromised, contact Authy support immediately for assistance.
- Stay informed: Regularly check Twilio’s official communications for updates on the breach.
By taking these steps, you can significantly reduce the risks associated with the Twilio Authy data breach and protect your personal information.
The Twilio breach is a critical reminder of the ever-present threat of cyberattacks. It underscores the necessity for robust security measures and constant vigilance. Twilio’s prompt response to secure the compromised endpoint and their transparent communication with users are commendable steps. However, users must also play their part by updating their apps, remaining aware of potential phishing attacks, and maintaining overall cybersecurity hygiene.
Featured image credit: Eray Eliaçık/Bing
