The security of multi-factor authentication apps is of utmost importance to many users. One of the best known of these apps is Authy, developed by the US company Twilio. But now it has been revealed that millions of phone numbers have been obtained by attackers, which is causing concern among many users. Below you will find out what happened, what measures have been taken and how you can protect yourself.
Using multi-factor authentication (MFA) is a proven way to better secure your online accounts. Apps like Authy generate time-based one-time passwords (TOTP) that are required in addition to your password to log in. Authy is particularly popular because it is easy to use and increases security with additional safeguards, such as a master password. But no system is completely secure, as the recent incident shows.
Authy hacked: What happened?
Twilio, the company behind Authy, has reported that attackers gained access to Authy account data via an unsecured API endpoint. This resulted in the phone numbers of over 33 million users being compromised. Fortunately, there is no indication that other data such as passwords or TOTP codes were compromised. The user accounts themselves do not appear to be directly affected, but the data released includes account IDs, phone numbers, and information on the status of the accounts and the number of registered devices.
Who is behind it?
The group ShinyHunters appears to be behind the attack and has published a CSV file with the stolen data. This group is known for its cyberattacks and data leaks, which it often sells or publishes online. Twilio immediately took action after the incident became known to close the unsecured API endpoint and block unauthenticated requests.
Precautions and Recommendations
Twilio advises all users to update the Authy app to the latest version. Users should also be particularly vigilant against phishing attempts. Phishing is a method in which attackers try to obtain personal information through fake emails or messages. At the end of 2022, Twilio was already the target of a successful phishing attack in which criminals gained access to internal systems and stole customer data.
Protection against future attacks
To better protect yourself, you should follow these steps:
- App updates: Make sure your Authy app is always up to date. Updates often contain security-related patches.
- Beware of phishing: Be suspicious of emails or messages that ask you to disclose personal information or click on links. Always check the sender's address and the content of the message.
- Additional security measures: If possible, use additional protection measures such as a master password or authentication via another device.
Updates and caution: Your protective shield online
The Authy incident shows once again that even the best security measures are not infallible. It is important that you as a user always remain vigilant and take proactive measures to protect your data. Always keep your apps up to date and be cautious of suspicious messages. This way you can minimize the risk of becoming a victim of a cyber attack. Stay safe and regularly inform yourself about current security risks and measures. This way you are always on the safe side and can protect your digital accounts as best as possible. (Photo by jhphotos / Bigstockphoto)