Twilio says hackers identified cell phone numbers of two-factor app Authy users
How many phone numbers did the hacker claim to steal from Twilio?
The hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio.
What app's user data was compromised in the Twilio breach?
The Twilio breach compromised user data of Authy, a popular two-factor authentication app owned by Twilio. The hackers obtained mobile phone numbers associated with 33 million Authy accounts due to an unauthenticated endpoint. Although Twilio stated that there was no evidence of access to Twilio's systems or sensitive data, the breach increases the risk of phishing and smishing attacks targeting Authy users.
What specific data did hackers access from Authy accounts?
Hackers accessed the phone numbers of 93 individual Authy users and registered additional devices to their accounts. This allowed them to generate login codes for any connected 2FA-enabled account. Twilio has since removed unauthorized devices from the affected accounts and advised users to review linked accounts for suspicious activity.