-
Twilio confirmed this week that they had suffered a data compromise.
-
This breach resulted from a hack attack and the loss of 33 million phone numbers.
-
Twilio advises users to install the latest security updates for iOS and Android devices.
This week, Twilio, a U.S.-based cloud communication company, confirmed that it had suffered a data breach. The breach, which resulted from a hack attack, leaked 33 million phone numbers connected to the Authy application.
This follows an announcement by the ShinyHunters hackers group in late June. The group stated on the BreachForums site that they wanted to hack Authy, Twilio’s 2FA authentication app, and randomly leak 33 million user numbers. The leak also included some non-personal information and Authy account IDs.
Confirming the data breach on their website with a security alert, they had this to say;
Twilio has detected that threat actors could identify data associated with Authy accounts.
They also confirmed that they had taken measures to ensure unauthenticated requests were no longer allowed.
In addition, they said that the cybercriminals didn’t gain access to any further sensitive user data or their systems. But they urged users to install the most recent security updates — for iOS and Android users.
They emphasized that while there were no compromised Authy accounts, third-party threats may attempt to use phone numbers linked to Authy accounts to perform smishing and phishing attacks. Consequently, Twilio encouraged everyone who uses Authy to be vigilant and completely aware of the messages they receive.