Hacker Claims to Steal 33M Mobile Numbers from Twilio's Authy

TapTechNews, July 5: A hacker using the online name ShinyHunters posted on a forum claiming to have hacked the cloud communications company Twilio and stolen 33 million mobile phone numbers from Authy, its two-factor authentication (2FA) application.

In a blog post, Twilio said: 'Twilio detected an abnormal service. Due to an unauthenticated endpoint, threat attackers can identify Authy account-related data including phone numbers. We have taken actions to ensure the security of this endpoint and no longer allow unauthenticated requests.'

Twilio requires all Authy users to update to the latest version of the iOS or Android application in order to install the latest security update.

Twilio added: 'Although Authy accounts are not threatened, threat actors may try to use the phone numbers associated with Authy accounts for phishing and cyber fraud attacks; we encourage all Authy users to be vigilant and raise awareness of the text messages received.'

Two-factor authentication (2FA) requires a second layer of protection when logging into an application. TapTechNews gives the following example: after the user logs into an application, their mobile phone receives a text message containing a password, and the user must enter this password to open the application. This can prevent attackers from opening the user's application, accessing their account, changing passwords, stealing sensitive data, and so on.

Twilio said the customer data stolen by hackers is limited to phone numbers.