Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users’ phone numbers.
The company said it took steps to secure the endpoint so that it no longer accepts unauthenticated requests.
The development comes days after an online persona named ShinyHunters published on BreachForums a database comprising 33 million phone numbers allegedly pulled from Authy accounts.
Authy, owned by Twilio since 2015, is a popular two-factor authentication (2FA) app that adds an additional layer of account security.
“We’ve seen no proof that the risk actors obtained entry to Twilio’s programs or different delicate knowledge,” it said in a July 1, 2024, security alert.
But out of an abundance of caution, it is recommending that users upgrade their Android (version 25.1.0 or later) and iOS (version 26.1.0 or later) apps to the latest version.
It also cautioned that the threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks.
“We encourage all Authy customers to remain diligent and have heightened consciousness across the texts they’re receiving,” it noted.