Twilio, the parent company of the Authy app used for two-factor authentication (2FA), recently discovered a data breach compromising user information. This breach allowed unauthorized access to user account details, including phone numbers, due to insecure endpoint APIs. Twilio has since addressed and fixed this security vulnerability, preventing further unauthorized access through this method.
It is reassuring to note that Twilio has not found any other sensitive user data breaches. However, they advise all Authy users on both iOS and Android smartphones to update to the latest version that resolves this security flaw.
Despite the phone number data leak associated with Authy, Twilio urges users to remain vigilant against potential phishing attempts through SMS messages.
Source: Twilio and Bleeping Computer
TLDR: Twilio’s Authy app data breach exposed user account information but has been fixed. Users are recommended to update to the latest version to enhance security and to beware of potential phishing scams via SMS.
Leave a Comment