Twilio urges users to update Authy apps after hack

4 Jul 2024

The Silicon Valley company said that while Authy accounts were not compromised, threat actors may try to use stolen phone numbers for phishing attacks.

Twilio has asked users of its two-factor authentication app Authy to update to the latest Android or iOS version as a security measure, following a hack in which millions of phone numbers may have been stolen.

In an update this week, the US cloud communications and messaging service said it has detected “threat actors” who were able to identify data associated with Authy accounts, including phone numbers, due to an “unauthenticated endpoint”.

“We have taken action to secure this endpoint and no longer allow unauthenticated requests. We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” Twilio wrote.

“While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks. We encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.”

This comes after a person or group called ShinyHunters published a list of 33m phone numbers from Authy on the dark web last week, according to TechCrunch.

ShinyHunters has been linked to multiple high-profile data breaches since 2020. Earlier this year, it was linked to a similar Ticketmaster hack that may have affected the data of up to 560m people. The threat actor posted on a dark web forum, offering to sell the batch of data it claimed to possess for $500,000.

Based in San Francisco, Twilio provides cloud-based communication tools to companies looking to engage with their customers more efficiently. It was founded in 2008 and reported revenue of $4.15bn last year.

In February last year, the company announced it was laying off 17pc of its global workforce in a bid to restructure its business and increase profits. This came five months after Twilio first announced a round of job cuts in September 2022, when it said it would downsize its then global headcount of 8,000 by 11pc.

Vish Gain is a journalist with Silicon Republic