Twilio's Authy

Twilio’s Authy Users Were Hacked

Twilio's Authy

Twilio’s Authy research into the August 4 breach shows that hackers registered illegal devices on Authy user accounts.

Authy is a two-factor authentication (2FA) service from Twilio that lets users safeguard online accounts that enable the functionality by identifying a second time via a dedicated app.
Twilio’s Authy provides a one-time passcode when 2FA is activated. This prevents access even if login credentials are stolen.

In addition, Hackers can access your Authy account if they acquire access to it.

The service, which rivals Google Authenticator, synchronises 2FA tokens across registered devices.

More From Us:Oracle Sued For Tracking 5 Billion People

Twilio’s Authy accounts compromised

Twilio announced Thursday that the August 4 threat actor also accessed 93 Authy accounts and linked devices to them.

Twilio says the hacked Authy accounts belong to individual users and are a minuscule percentage of 75 million.

Therefore, 93 people’ 2FA codes were accessible to hackers.

Unknown if hackers targeted 93 Twilio’s Authy users.

The company has deleted unauthorised devices from compromised accounts and informed impacted individuals with recommendations on how to protect them.

Review any associated accounts for unusual activity and contact their provider(s).
Remove any unrecognised devices from their Twilio’s Authy account.
Add a backup device and disable “Allow Multi-device” in the Authy app to prevent unauthorised device additions. To add new devices, users can re-enable “Allow Multi-device.” Here are steps.
The cloud communications firm says 163 Twilio users’ data was accessed for a limited time. They also got unauthorised access notifications.
The Twilio data breach appears to be part of a wider campaign that targeted 130 companies, including MailChimp, Klaviyo, and Cloudflare.

Twilio previously reported that 125 customers’ authentication information was compromised.

Leave a Comment

Your email address will not be published.