If you're an Authy user, update your app immediately. Twilio has confirmed a data breach this week after hackers leaked the phone numbers of 33 million users associated with its Authy application.
In late June, the hacking group ShinyHunters announced on the newly revived BreachForums website that they had released 33 million random phone numbers tied to Twilio’s two-factor authentication app, Authy. The leaked data also included account IDs and some other non-personal information related to Authy users.
Twilio quickly addressed the breach in a security alert on its website, stating, "Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests."
The company highlighted that there is no evidence suggesting the hackers accessed Twilio’s internal systems or obtained other sensitive information. Still, Twilio advised all Authy users to update their Android and iOS apps with the latest security patches as a precautionary measure.
"Although Authy accounts have not been compromised, threat actors may use the leaked phone numbers to attempt phishing and smishing attacks. We encourage all Authy users to remain vigilant and be cautious of any suspicious texts they receive," warned Twilio.
The security breach has raised concerns about the potential for increased phishing attacks, underscoring the importance of staying alert to unsolicited communications.
In a related incident, HubSpot has begun an investigation into a cyberattack following unauthorized access attempts against a "limited number" of its customers' accounts.