Wednesday, 2 April 2025
26.8 C
Singapore
29 C
Thailand
20 C
Indonesia
26.6 C
Philippines

Twilio detects unauthorised access to Authy accounts, urges updates to prevent phishing attacks

Twilio detects unauthorised access to Authy accounts, urging updates and vigilance against phishing attacks

Last week, Twilio, the company behind the two-factor authentication (2FA) app Authy, confirmed that unauthorised access may have exposed Authy users’ phone numbers. This incident has raised concerns among users of the popular app.

How did the incident happen?

Twilio revealed in a security alert that the unauthorised access was due to an unauthenticated endpoint in their system. This vulnerability allowed the ShinyHunters group to input phone numbers and verify whether they were linked to Authy accounts, exposing 33 million phone numbers.

The company has since secured the endpoint, preventing any further unauthenticated access. Twilio reassured users that there is no evidence that unauthorised actors accessed other sensitive data or the company’s systems beyond these phone numbers.

Twilio’s response and recommendations

Given this incident, Twilio strongly advises all Authy users to update their Android and iOS apps to the latest versions. These updates include enhanced security measures to protect against potential threats. Twilio also warns that the stolen phone numbers could be used for phishing (fraudulent emails) and smishing (fraudulent text messages) attacks. Therefore, users should remain vigilant and cautious about any suspicious communications.

This is not the first time Twilio has faced a security incident. Two years ago, unauthorised actors successfully phished several employees to access data from over 100 Twilio customers. This previous incident highlights the ongoing challenge of securing digital platforms against increasingly sophisticated cyber threats.

Protecting yourself from future attacks

Twilio’s latest security incident underscores the importance of staying updated with the newest app versions and being aware of potential phishing and smishing attempts. Users should regularly check for updates and apply them promptly to protect their accounts. Additionally, being cautious about unsolicited messages and verifying the authenticity of communications can help prevent falling victim to these attacks.

Twilio continues improving its security measures to protect its users and prevent future incidents. Taking proactive steps and staying informed can better safeguard your personal information against cyber threats.

Editor’s note: This story has been updated with a response from Twilio. Twilio has seen no evidence that the threat actors breached its systems or obtained access to its systems or other sensitive internal data. As a precaution, Twilio is requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourages all Authy users to stay diligent and maintain heightened awareness around phishing and smishing attacks.

Hot this week

OpenAI pauses free GPT-4o image generation after viral Studio Ghibli trend

OpenAI halts free GPT-4o image generation after viral Studio Ghibli trend raises legal concerns, leaving paid users with continued access.

Fujifilm unveils GFX100RF: A 102MP medium format compact camera

Fujifilm announces the GFX100RF, a 102MP medium-format compact camera. It is available for pre-order at S$7,999, and early buyers will receive free gifts.

Samsungโ€™s latest vacuum alerts you to calls and texts while you clean

Samsungโ€™s new Bespoke AI Jet Ultra vacuum can alert you to calls and texts while cleaning as the brand expands smart home screens across appliances.

Microsoft launches AI-powered security agents to tackle cyber threats

Microsoft introduces AI-powered security agents to help businesses fight cyber threats. Learn how these AI agents improve security and reduce workload.

Gmail introduces easier encryption for business emails

Google introduces a new encryption model for Gmail, making it easier for businesses to send secure emails without special software or certificates.

These robot vacuums are getting smarter with Apple Home support

Appleโ€™s iOS 18.4 update adds Matter support for robot vacuums, enabling control via Apple Home. Roborock, iRobot, and Ecovacs are updating their devices.

Gmail introduces easier encryption for business emails

Google introduces a new encryption model for Gmail, making it easier for businesses to send secure emails without special software or certificates.

Nothing Phone (3a) Pro review: A mid-range marvel with standout zoom

Nothing Phone (3a) Pro blends standout design, powerful zoom camera, and smart features, making it a top choice in the mid-range segment.

Vivo challenges iPhone 16 Pro Max with X200 Ultraโ€™s video stability

Vivoโ€™s X200 Ultra teaser compares video stability with the iPhone 16 Pro Max, promising top-tier camera upgrades and advanced stabilisation.

Related Articles