Cloud communications supplier Twilio has revealed that unidentified menace actors took benefit of an unauthenticated endpoint in Authy to establish knowledge related to Authy accounts, together with customers’ cellular phone numbers.
The corporate mentioned it took steps to safe the endpoint to not settle for unauthenticated requests.
The event comes days after a web based persona named ShinyHunters revealed on BreachForums a database comprising 33 million telephone numbers allegedly pulled from Authy accounts.
Authy, owned by Twilio since 2015, is a well-liked two-factor authentication (2FA) app that provides an extra layer of account safety.
“We have now seen no proof that the menace actors obtained entry to Twilio’s programs or different delicate knowledge,” it mentioned in a July 1, 2024, safety alert.
However out of an abundance of warning, it is recommending that customers improve their Android (model 25.1.0 or later) and iOS (model 26.1.0 or later) apps to the newest model.
It additionally cautioned that the menace actors could try to make use of the telephone quantity related to Authy accounts for phishing and smishing assaults.
“We encourage all Authy customers to remain diligent and have heightened consciousness across the texts they’re receiving,” it famous.
