Cloud communications supplier Twilio has revealed that unidentified menace actors took benefit of an unauthenticated endpoint in Authy to establish information related to Authy accounts, together with customers’ cellphone numbers.
The corporate stated it took steps to safe the endpoint to not settle for unauthenticated requests.
The event comes days after a web based persona named ShinyHunters revealed on BreachForums a database comprising 33 million telephone numbers allegedly pulled from Authy accounts.
Authy, owned by Twilio since 2015, is a well-liked two-factor authentication (2FA) app that provides a further layer of account security.
“We have now seen no proof that the menace actors obtained entry to Twilio’s methods or different delicate information,” it stated in a July 1, 2024, security alert.
However out of an abundance of warning, it is recommending that customers improve their Android (model 25.1.0 or later) and iOS (model 26.1.0 or later) apps to the newest model.
It additionally cautioned that the menace actors could try to make use of the telephone quantity related to Authy accounts for phishing and smishing assaults.
“We encourage all Authy customers to remain diligent and have heightened consciousness across the texts they’re receiving,” it famous.
