Twilio has revealed that hackers have also compromised users of Authy

The most recent security vulnerability impacted at least 93 customers of the two-factor authentication software offered by the corporation.

Authy customers, who depend on the multi-factor authentication (MFA) software to create one-time passcodes, may have had their security compromised as a result of a recent data breach, according to an announcement made by Twilio.

On August 7, the firm said (Opens in a new window) that a successful phishing attempt against its workers allowed a hacker access to internal systems, which the hacker then exploited to “access sensitive client data.” On August 10th, Twilio said that, to the best of its knowledge, 125 of its clients had been compromised by the security incident. This number has now increased to 163, and it does not even take into account the users of Authy whose accounts were hacked.

According to Twilio’s statement, the company’s research “has found that the malicious actors got access to the accounts of 93 individual Authy users out of a total of around 75 million users” and registered additional devices to those individuals’ accounts. In addition to this, it states that it has “since detected and deleted illegitimate devices from these Authy accounts” and has contacted individuals who were impacted by this issue.

The business has recommended those customers to verify all of the devices that are connected to their Authy account, disable the “Allow Multi-device” feature inside the app, and evaluate their accounts that are linked to Authy for any unusual behaviour. The first two suggestions are aimed to assist mitigate the effects of this compromise, while the third proposal is designed to lower the likelihood of such occurrences in the future.

In a support post (Opens in a new window), Twilio mentions that “Allow Multi-device” is set by default for Authy users so that they may continue to have access to their MFA tokens even if their device is lost, stolen, or otherwise unavailable. In a comparison(Opens in a new window) to Google Authenticator, the business also stresses the ability to make these backups (or just access tokens on numerous devices without repeating a setup process) on multiple devices without having to repeat the setup procedure.

Published at : 10 Aug 2022 10:52 AM (IST)

More stuffs you may like

Related posts


Latest posts

Mountains of Waste: The E-Waste Crisis and Its Environmental Toll

In today's fast-paced world, the rapid evolution of consumer electronics has led to an endless cycle of upgrades and disposals.

Guarding Your Digital Fortress: Navigating the Surge in Cybersecurity Threats

In an increasingly digital world, where data flows like water and personal information is stored in the cloud, the importance of cybersecurity cannot be overstated.

Intel’s Leap into the Future: Unveiling Next-Gen Processors with Breakthrough Performance

In the ever-evolving landscape of computer technology, one name has consistently stood out as a pioneer and trailblazer: Intel.
error: Content is protected !!