Hackers claiming to have stolen 33 million phone numbers from Twilio

Hackers claiming to have stolen 33 million phone numbers from Twilio

Twilio has confirmed a security breach involving its Authy two-factor authentication app, where threat actors accessed data including phone numbers of its users. The incident, reported by TechCrunch, stems from unauthorized access to an endpoint that exposed this information.

According to Twilio spokesperson Kari Ramirez, the company swiftly responded by securing the vulnerable endpoint to prevent further unauthorized access. They emphasized that there is no evidence suggesting the hackers breached Twilio’s core systems or obtained sensitive data beyond the identified endpoint.

As a precautionary measure, Twilio has urged all Authy users to update their Android and iOS apps to receive the latest security patches. They also advised heightened vigilance against phishing and smishing attacks, where attackers might exploit the obtained phone numbers to impersonate Authy or Twilio in malicious messages.

While the exposure of phone numbers alone may not seem immediately dangerous, it does pose risks such as targeted phishing attempts. Attackers could use the information to craft convincing messages appearing to originate from Authy or Twilio, potentially tricking users into divulging sensitive information.

This incident marks another cybersecurity challenge for Twilio, following a previous breach in 2022 where hackers targeted Authy users specifically, compromising their two-factor authentication codes. Twilio has since reinforced its security protocols but continues to face ongoing threats in the evolving landscape of cybersecurity.

© TechMub. All right reserved.