Twilio Alerts Authy Users of Potential Security Risks Involving Phone Numbers

 

The U.S. messaging giant Twilio has been accused of stealing 33 million phone numbers over the past week as a result of a hacker’s exploit. Authy, a popular two-factor authentication app owned by Twilio that uses the phone numbers of people to authenticate, has confirmed to TechCrunch today that “threat actors” can identify the phone numbers of users of Authy. It was recently reported that a hacker or hacker group known as ShinyHunters entered into a well-known hacking forum and posted that they had hacked Twilio and received the cell phone numbers of 33 million subscribers from Twilio. 
As a spokesperson for Twilio Ramirez explained to TechCrunch, the company has detected that threat actors have been able to identify phone numbers associated with Authy accounts through an unauthenticated endpoint, however, it’s yet to be known how this happened. According to a report by TechCrunch earlier this week, someone has obtained phone numbers related to Twilio’s two-factor authentication service (2FA), Authy, of which it is a part. 
An alert from Twilio on Monday warned of possible phishing attacks and other scams using stolen phone numbers, which the company described as “threat actors” trying to steal personal information. An incident that happened in 2022 occurred following a phishing campaign that tricked employees into using their login credentials to gain access to the company’s computer network. During the attack, hackers gained access to 163 Twilio accounts as well as 93 Authy accounts

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: