33 Million Authy Users Exposed to Authenticator App Security Nightmare

A hacker has claimed to have stolen 33 million phone numbers from US messaging giant Twilio. The company confirmed to CyberGuy that malicious actors gained access to data associated with its two-factor authentication service Authy.

A stolen list of phone numbers is not the worst outcome of a cyberattack, but it can still pose a threat to the owners of those numbers.

Hackers can use these numbers to launch phishing attacks, send spam SMS messages or attempt to swap SIM cards. Twilio has since patched its app to prevent future security incidents and has also warned users.

What you need to know

On July 3, the hacker group known as ShinyHunters reportedly took to a hacking forum to boast about stealing 33 million cell phone numbers. Twilio said that the incident was “not a hack or breach,” but rather malicious actors exploiting an “unauthenticated endpoint.” Simply put, the hackers exploited a specific part of Twilio’s system that didn’t require authentication.

The US messaging giant confirmed that the hackers were able to identify data associated with Authy accounts, including phone numbers, but did not say how many accounts were affected. The company said there was no evidence that the hackers had access to Twilio’s systems or other sensitive data.

Twilio provided this statement to CyberGuy: “Twilio has detected that malicious actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken steps to secure this endpoint and are no longer allowing unauthenticated requests.”

“We have seen no evidence that malicious actors have gained access to Twilio’s systems or other sensitive data. As a precaution, we are asking all Authy users to update their Android and iOS apps to receive the latest security updates, and we encourage all Authy users to remain diligent and be especially aware of phishing and smishing attacks.”
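To make the "unauthenticated endpoint" described above concrete, here is an added example (not Twilio's code and not part of the original article) contrasting a lookup that answers any caller with one that only answers callers holding a server-issued token. The function names, token format, `account_id` field, sample numbers and the per-client rate limit are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample data: hypothetical registered numbers and signing key.
REGISTERED = {"+12025550101": {"account_id": 1001}, "+12025550102": {"account_id": 1002}}
SIGNING_KEY = b"constructed-demo-key"

def _mac(body: str) -> str:
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_token(client_id: str, expires_at: int) -> str:
    """Server-issued credential: client id and expiry, bound together by an HMAC."""
    body = f"{client_id}.{expires_at}"
    return f"{body}.{_mac(body)}"

def verify_token(token, now: int):
    """Return the client id for a valid, unexpired token, else None."""
    try:
        client_id, expires_at, mac = token.rsplit(".", 2)
        if hmac.compare_digest(mac, _mac(f"{client_id}.{expires_at}")) and int(expires_at) > now:
            return client_id
    except (AttributeError, TypeError, ValueError):
        pass  # missing, malformed or non-ASCII token
    return None

def lookup_unauthenticated(phone: str):
    """Weak pattern: any caller learns whether a number is registered, plus account data."""
    record = REGISTERED.get(phone)
    return (200, {"registered": True, **record}) if record else (404, {"registered": False})

class HardenedLookup:
    """Same lookup, restricted to authenticated callers with a per-client request budget."""

    def __init__(self, max_per_window: int = 3, window_s: int = 60):
        self.max_per_window, self.window_s = max_per_window, window_s
        self.seen = {}  # client id -> timestamps of recent requests

    def handle(self, token, phone: str, now: int):
        client = verify_token(token, now)
        if client is None:
            return 401, {"error": "authentication required"}
        recent = [t for t in self.seen.get(client, []) if now - t < self.window_s]
        self.seen[client] = recent
        if len(recent) >= self.max_per_window:
            return 429, {"error": "rate limit exceeded"}
        recent.append(now)
        # Return only what the caller needs: no account identifiers.
        return 200, {"registered": phone in REGISTERED}
```

The hardened handler rejects requests without a valid token, caps how many lookups one client can make per window, and returns no account identifiers.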

What should affected users do?

If you have been affected by the Twilio security incident, the first thing you should do is download the latest version of the Authy app. Twilio has released a new version of the app that includes bug fixes and security updates. Android users can update the app from the Play Store, and iPhone users can head to the App Store.

You also need to be careful with phishing attacks. Although your Authy account is secure, hackers may use the phone number associated with your account to attempt phishing. This means they could contact you pretending to be an Authy or Twilio employee to trick you into disclosing personal information.

5 Steps to Protect Your Privacy and Personal Data

While hackers can use your personal information in a variety of ways, there are several steps you can take to prevent harm.

1. Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but it’s not enough to stop all malware. In the past, Play Protect hasn’t been 100% foolproof at removing all known malware from Android phones. The best way to protect yourself from malicious links that install malware that can access your private information is to install antivirus protection on all your devices. This can also alert you to any phishing emails or ransomware scams. Check out my picks for the best antivirus protection winners of 2024 for your Windows, Mac, Android, and iOS devices.

2. Use an identity theft protection service: Identity theft companies can monitor your personal information like your Social Security number, phone number, and email address and alert you if it’s being sold on the dark web or used to open an account. They can also help freeze your bank and credit card accounts to prevent unauthorized use by criminals.

One of the coolest perks of some services is that they may include identity theft insurance of up to $1 million to cover losses and legal costs, and a white-glove fraud resolution team where a US-based case manager helps you recover your losses. Check out my tips and top picks to protect yourself against identity theft.

3. Invest in data deletion services: While no service promises to remove all of your data from the internet, having a removal service is ideal if you want to continuously monitor and automate the process of removing your information from hundreds of sites over an extended period of time. Check out my top picks for removing your personal data from the internet.

4. Use multi-factor authentication: Enable two-factor authentication on your important accounts to add an extra layer of security beyond a password. This requires a second step, such as a code sent to your phone, to log in.

5. Use a VPN: Consider using a VPN to protect yourself from being tracked and to keep the websites you visit from identifying your potential location. Many sites can read your IP address and, depending on their privacy settings, may display the city you are connecting from. A VPN will mask your IP address to display an alternate location. For the best VPN software, check out my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

Kurt’s Key Takeaway

Authy is a trusted two-factor authentication service, but a security flaw in its system reminds users that no service is foolproof. The service provider claims that hackers don’t have access to Authy accounts, which is a relief. Companies should invest more in security infrastructure to ensure that their customers’ sensitive data isn’t compromised so easily.

How do you think companies should improve their security measures to avoid incidents like the one at Twilio? Let us know by writing to us at Cyberguy.com/Contact.

For more tech tips and security alerts, subscribe to my free CyberGuy Report newsletter by visiting Cyberguy.com/Newsletter.

Copyright 2024 CyberGuy.com. All rights reserved.