One more proof that storing data in a centralized manner is very dangerous and will probably be hacked or leak at some point in the future.
I have heard Authy being recommended as an alternative to Google Authenticator a few times on the forum. To my knowledge, both software are closed-source, so not much of an alternative. If the reports are true and someone leaked over 30 million phone numbers, then the app was very popular. Social engineering schemes are to be expected...
Topic: Twilio's Authy 2FA app has been breached. - page 2. (Read 361 times)
I started using Raivo on iOS, very recommended. Offline, no-ads, totally free, allows you to export yout accounts to a ZIP archive.
Still, I used Authy for some time and had some accounts there (even though I haven't opened the app in months because I migrated to Raivo).
Still, I used Authy for some time and had some accounts there (even though I haven't opened the app in months because I migrated to Raivo).
So it's time to look for alternatives, many could have been using Google Authenticator or any other 2FA apps.
Google Authenticator is a very bad idea. I wouldn't recommend it to any oneThere is this thread that has some very good open source alternatives ----> Best 2FA applications to use. Open source, free, secure. Better than Google's. I am not sure why the topic was moved to the off-topic board despite being very informative and educated
Also, it's worth noting that andOTP Authenticator is not maintained any more, so it might not be one of the best choices available.
I'm not a user of Authy though, but early I have heard some good reviews about it. But in any case yeah, anyone should be updating on the latest version and maybe change everything as we don't know what those scammers can do with the phone numbers that they have stolen.
I also read about this topic here: Security Alert: Update your Authy to the latest version.
So it's time to look for alternatives, many could have been using Google Authenticator or any other 2FA apps.
I also read about this topic here: Security Alert: Update your Authy to the latest version.
So it's time to look for alternatives, many could have been using Google Authenticator or any other 2FA apps.
Crazy times and pretty scary too to the users of the 2-factor authentication App. I think this is a wake-up call for people to start using much better alternatives like Aegis (available only on android)
It's a bit reliving that they were not able to access all other sensitive data as per the Twilo team claims, but who knows what else they could be hiding?
It's a bit reliving that they were not able to access all other sensitive data as per the Twilo team claims, but who knows what else they could be hiding?
Thanks for updating their users here, i am not an Authy app user, but their users have to be very careful of unsolicited sms's that they receive from now on. 33 million phone numbers is a lot, this is a crazy data breach; and this numbers will be sold and resold in the dark web, so there are going to be different attacks from this, especially the sim swap or simjacking attack.
Are there Authy 2FA app users here? I guess some of the users here have used this for their 2FA accounts on exchanges and wallets. Recently, there's a report that they've been breached and numbers have been taken by the hackers. So, as what the developers are warning about. The users who have registered their numbers will have to be careful of phishing and text scam attempts if they've used their mobile numbers to the app.
Read more: Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers
That's a lot of numbers and Twilio confirmed that breached.
Quote from: https://www.theverge.com/2024/7/3/24191791/twilio-authy-2fa-app-phone-numbers-hack-data-breach
Twilio says someone has obtained phone numbers associated with its two-factor authentication service (2FA), Authy, as reported earlier by TechCrunch. In a security alert on Monday, Twilio warns that the “threat actors” may try to use the stolen phone numbers to carry out phishing attacks and other scams.
[...]Last week, the threat actor ShinyHunters published a list of 33 million phone numbers from Authy accounts on the dark web.[...]
[...]Last week, the threat actor ShinyHunters published a list of 33 million phone numbers from Authy accounts on the dark web.[...]
Read more: Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers
That's a lot of numbers and Twilio confirmed that breached.
Jump to: