According to cybersecurity company SlowMist, its Chief Information Security Officer (CISO), 23pds, has warned on the X platform that the two-factor authentication (2FA) service Authy has been compromised by hackers, resulting in the leakage of 33 million users’ phone numbers. Authy's developer, Twilio, has confirmed the related vulnerability.
23pds noted that many cryptocurrency professionals use Authy and advised users of this 2FA software to be wary of phishing attacks.
Source: 23pds
According to a TechCrunch report, the well-known hacker group ShinyHunters claimed last week on a well-known hacker forum that it had hacked into Twilio and stolen 33 million phone numbers. Twilio spokesperson Kari Ramirez confirmed to TechCrunch on Tuesday that the company “has detected that threat actors can identify data related to Authy accounts, including phone numbers, due to an unauthenticated endpoint.” Twilio has taken action to secure the endpoint, which no longer allows unauthenticated requests.
Ramirez stated:
Rachel Tobac, CEO of SocialProof Security and an expert in social engineering, stated in an interview that if attackers can enumerate a user’s phone number list, they can impersonate Authy/Twilio and increase the credibility of phishing attacks against these phone numbers.