    Unauthorized Access to Millions Of Authy 2FA Phone Numbers by Cyber Intruders

    Malicious actors have obtained more than 33 million phone numbers belonging to users of the two-step verification platform Authy.

    Authy is a widely used security tool that manages verification codes for various applications and online services, strengthening login security by requiring a code as an additional layer of authentication.

    Twilio, Authy's parent company, has confirmed the data breach to Bleeping Computer. It has taken steps to secure the affected area and has released updates for Android and iOS devices as a precautionary measure.

    Guidelines for Affected Users

    Authy users are uncertain whether their phone numbers were compromised in the breach. While the phone numbers alone may not pose an immediate threat, the potential risks include:

    • SMS phishing: fraudulent messages that try to coax users into revealing verification codes or downloading harmful software.
    • SIM swap attacks: these generally require more personal details and involve the victim’s mobile service provider.

    Attackers may try to link phone numbers to their owners through online searches or other databases. For now, the information stored in Authy remains protected despite the data breach. Twilio also suffered a data breach in 2022.

    If this incident brings to mind LastPass, a password manager with a history of security breaches, the comparison is fair. Authy users are raising concerns about reliability and considering a move to a more secure platform.

    Transitioning from Authy to an Alternate Option

    Moving away from Authy is a complex procedure because the platform does not support data export. A workaround exists that relies on an older version of the desktop application, but it could soon stop working following Authy’s discontinuation of the desktop program. Manual transfer consists of the following steps:

    • Log in to the platforms where Authy generates codes.
    • Deactivate 2FA in the settings.
    • Then re-enable 2FA using a new authenticator tool.

    Repeat these steps for each platform, and after migration remove each entry from Authy by long-pressing the item and choosing the delete option. Alternatives worth considering include Aegis and Bitwarden Authenticator.

    Image Credit: Song_about_summer / Shutterstock
