Hey there, have you heard about the recent security breach involving the Authy MFA app? It seems that criminal hackers managed to exploit an unsecured Authy API to falsely verify phone numbers, putting millions of users at risk of cyber threats.
Unsecured Authy API Exploited In Recent Attacks
Twilio, the company behind Authy, recently revealed a security incident that affected the app. According to their security update, malicious actors abused the Authy API to falsely verify millions of phone numbers.
The hackers exploited an unsecured Authy API endpoint to access user data, including phone numbers. This breach could potentially lead to malicious activities like SMS phishing and SIM swapping attacks targeting users.
Fortunately, Twilio quickly took action to secure the exposed API and urged all users to update their Authy apps to the latest versions. The updates are available for both Android and iOS users on the respective app stores.
If you’re having trouble accessing your Authy account, don’t hesitate to reach out to Twilio support for assistance.
Although Twilio didn’t disclose the identity of the hackers, reports suggest that the ShinyHunters group leaked a file containing 33 million phone numbers on the dark web, claiming they were linked to Authy accounts. These attackers exploited the unsecured Authy API to gather information about the associated accounts.
We’d love to hear your thoughts on this incident in the comments below.