Great Moto G Stylus deal on Amazon!
Samsung foldable phones incoming
Reserve your Z Fold 6 or Z Flip 6 now and get $50 of instant Samsung credit and a chance to win $5,000!
Jul 10, Wed, 8:00 CDT
00 days
00 hrs
00 mins

Millions of cell numbers are stolen after a popular iOS/Android 2FA app is hacked

By
9comments
We may earn a commission if you make a purchase from the links on this page.
Millions of cell numbers are stolen after a popular iOS/Android 2FA app is hacked
Twilio's Authy app for both iOS and Android, designed to make it easier for users to request two-factor authentication (2FA) when signing into an app, ironically has been hacked resulting in the theft of customer smartphone numbers. In a blog post, Authy wrote, "Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests."

OUR BARGAIN DEAL OF THE DAY:

Save an epic 47% on the high-end Sennheiser MOMENTUM 3 at Amazon!
$132 off (47%)
Buy at Amazon
Twilio requests that all Authy users update to the latest iOS or Android versions of the app in order to install the latest security updates. Twilio adds, "While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.

Two-factor authentication (2FA) requires the use of a second layer of protection when signing into an app. For example, after signing into an app you receive an SMS on your phone containing a code that you need to type in to open the app. This prevents an attacker from opening one of your apps and getting into your account, changing your password, and robbing you blind. Right now, Twilio says that the customer data stolen in the hack was limited to phone numbers.

You need to submit your phone number when opening an account with Authy - Millions of cell numbers are stolen after a popular iOS/Android 2FA app is hacked
You need to submit your phone number when opening an account with Authy

Twilio is blaming the use of "unauthenticated endpoints" for the successful hack and notes that it has taken action to secure this endpoint and "no longer allows unauthenticated requests." A media report puts the number of phone numbers stolen at 33 million. On a well-known hacking forum, hackers known as ShinyHunters admitted to hacking Twilio and stealing 33 million cellphone numbers.

While the theft of phone numbers shouldn't necessarily scare Authy users, the attackers could use these numbers to call or text the victimized Authy subscribers. The attackers could then pretend to be from Authy, and seek other user information including social security numbers, bank account numbers, and other sensitive personal data. Be careful when receiving a call or text that supposedly comes from Twilio or Authy and do not reveal any personal data no matter how insistent the caller or the text is.

Recommended Stories
And this hack has nothing to do with whether 2FA works to protect your personal data. If you like 2FA as a deterrent, don't stop using it because Authy has been attacked.
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile subscribers have another reason to be happy on 4th of July as SpaceX delivers exciting news
T-Mobile subscribers have another reason to be happy on 4th of July as SpaceX delivers exciting news
Millions of cell numbers are stolen after a popular iOS/Android 2FA app is hacked
Millions of cell numbers are stolen after a popular iOS/Android 2FA app is hacked
FCC wants your help to decide if T-Mobile should be allowed to buy fiber internet provider
FCC wants your help to decide if T-Mobile should be allowed to buy fiber internet provider
Lenovo’s new $300 tablet is what the Pixel Tablet should’ve been: Best entertainment tablet ever?
Lenovo’s new $300 tablet is what the Pixel Tablet should’ve been: Best entertainment tablet ever?
Google Messages to upgrade old chats to RCS after Apple's adoption
Google Messages to upgrade old chats to RCS after Apple's adoption
Best Buy just upgraded its bonkers deal on the Galaxy Tab S8 Ultra, making it even more unmissable
Best Buy just upgraded its bonkers deal on the Galaxy Tab S8 Ultra, making it even more unmissable

Latest News

The entertainment-oriented Fire HD 10 (2023) is currently dirt-cheap for Prime members on Amazon
The entertainment-oriented Fire HD 10 (2023) is currently dirt-cheap for Prime members on Amazon
Apple executives give details about the changes coming to the Photos app in iOS 18
Apple executives give details about the changes coming to the Photos app in iOS 18
Changing its mind, Apple approves the Epic Game Store for the EU
Changing its mind, Apple approves the Epic Game Store for the EU
Amazon's gorgeous Galaxy Z Fold 5 deal is still in the spotlight, but not for long
Amazon's gorgeous Galaxy Z Fold 5 deal is still in the spotlight, but not for long
The sleek Motorola Razr 2023 becomes cheaper than cheap after a bonkers $250 discount on Amazon
The sleek Motorola Razr 2023 becomes cheaper than cheap after a bonkers $250 discount on Amazon
What this unhappy long-term T-Mobile subscriber did will be repeated by many in the near future
What this unhappy long-term T-Mobile subscriber did will be repeated by many in the near future
FCC OKs Cingular\'s purchase of AT&T Wireless