Twilio has updated its Authy two-factor authentication (2FA) service after a hacker claimed to have retrieved 33 million phone numbers from its user database.


TechCrunch reports that the hacker(s) known as ShinyHunters took to a well-known hacking forum to boast about the theft of 33 million cell phone numbers, achieved by what Twilio described as the use of an “authenticated endpoint.”

The U.S. messaging giant confirmed this week that “threat actors” gained access to its servers, resulting in the theft of users’ phone numbers, but it did not specify how many were accessed. The company said it had taken action to secure the endpoint and prevent similar unauthenticated requests in the future.

“We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” said the company in a blog post. “While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.”

As Twilio notes, obtaining a list of phone numbers may not appear in itself to pose a severe security threat. However, attackers could conceivably contact users and claim to be Authy or Twilio representatives in order to get them to reveal personal information as part of a phishing campaign.

Users should update to the latest version of the iOS app, available on the App Store. Twilio also advises users who cannot access their Authy account to contact its support team immediately.

At the beginning of the year, Authy announced that it was shutting down its Mac and Linux desktop apps in August 2024, but ended up bringing the date forward. The apps were subsequently killed off in March.
