If you use Authy, update your app immediately. Twilio, the email company that owns the two-factor authentication service, has confirmed TechCrunch On Wednesday, hackers hacked Twilio and acquired the mobile phone numbers of 33 million users.
Twilio released a statement on its website also confirming the hack. “Twilio detected that malicious actors were able to identify data associated with Authy accounts, including phone numbers, through an unauthenticated endpoint,” the statement read. “We have taken steps to secure this endpoint and no longer allow unauthenticated requests.”
The company added that there was no evidence that the hackers accessed Twilio’s systems or sensitive data. But updating to the latest version of the iOS and Android apps (on all the devices you use) is essential because they include new security updates.
Twilio stressed that Authy accounts were not compromised. However, hackers (and anyone they share the data with) could “attempt to use the phone number associated with Authy accounts for phishing and smishing attacks.”
If you’re not familiar with the term, smishing is the SMS equivalent of phishing. So if you have an Authy account, be especially wary of unexpected text messages that appear to come from trusted sources, especially Authy or Twilio.
Rachel Tobac, social engineering expert and CEO of SocialProof Security, illustrated TechCrunch what this might look like. “If attackers are able to enumerate a list of user phone numbers, then these attackers can impersonate Authy/Twilio to those users, increasing the credibility of a phishing attack on that phone number,” Tobac said.
“We encourage all Authy users to remain diligent and be more mindful of the texts they receive,” Twilio stressed.
News Source : www.engadget.com
Gn tech
