
Topic: Twilio's Authy 2FA app has been breached. - page 2. (Read 367 times)

legendary
Activity: 2730
Merit: 7065
One more proof that storing data in a centralized manner is very dangerous and will probably be hacked or leak at some point in the future.
I have heard Authy being recommended as an alternative to Google Authenticator a few times on the forum. To my knowledge, both software are closed-source, so not much of an alternative. If the reports are true and someone leaked over 30 million phone numbers, then the app was very popular. Social engineering schemes are to be expected... 
legendary
Activity: 2758
Merit: 6830
I started using Raivo on iOS, very recommended. Offline, no ads, totally free, allows you to export your accounts to a ZIP archive.

Still, I used Authy for some time and had some accounts there (even though I haven't opened the app in months because I migrated to Raivo).
copper member
Activity: 2198
Merit: 1837
So it's time to look for alternatives, many could have been using Google Authenticator or any other 2FA apps.
Google Authenticator is a very bad idea. I wouldn't recommend it to anyone.

There is this thread that has some very good open source alternatives: Best 2FA applications to use. Open source, free, secure. Better than Google's. I am not sure why the topic was moved to the off-topic board despite being very informative and educated.

Also, it's worth noting that andOTP Authenticator is not maintained any more, so it might not be one of the best choices available.
legendary
Activity: 3080
Merit: 1353
I'm not a user of Authy though, but earlier I heard some good reviews about it. But in any case, yeah, anyone should be updating to the latest version and maybe change everything, as we don't know what those scammers can do with the phone numbers that they have stolen.

I also read about this topic here: Security Alert: Update your Authy to the latest version.

So it's time to look for alternatives, many could have been using Google Authenticator or any other 2FA apps.
legendary
Activity: 2366
Merit: 1272
Heisenberg
Crazy times and pretty scary too for the users of the 2-factor authentication app. I think this is a wake-up call for people to start using much better alternatives like Aegis (available only on Android).
It's a bit relieving that they were not able to access all other sensitive data, as per the Twilio team's claims, but who knows what else they could be hiding?
legendary
Activity: 994
Merit: 1089
Thanks for updating their users here. I am not an Authy app user, but their users have to be very careful of unsolicited SMSes that they receive from now on. 33 million phone numbers is a lot, this is a crazy data breach; and these numbers will be sold and resold on the dark web, so there are going to be different attacks from this, especially the SIM swap or simjacking attack.
hero member
Activity: 3024
Merit: 745
Are there Authy 2FA app users here? I guess some of the users here have used this for their 2FA accounts on exchanges and wallets. Recently, there's a report that they've been breached and numbers have been taken by the hackers. So, as the developers are warning, the users who have registered their numbers will have to be careful of phishing and text scam attempts if they've used their mobile numbers with the app.

Twilio says someone has obtained phone numbers associated with its two-factor authentication service (2FA), Authy, as reported earlier by TechCrunch. In a security alert on Monday, Twilio warns that the “threat actors” may try to use the stolen phone numbers to carry out phishing attacks and other scams.

[...]Last week, the threat actor ShinyHunters published a list of 33 million phone numbers from Authy accounts on the dark web.[...]

Read more: Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers

That's a lot of numbers and Twilio confirmed that breach.