23pds, the Chief Information Security Officer (CISO) of the cybersecurity company SlowMist, has warned that the two-factor authentication (2FA) service Authy has been hacked and that the phone numbers of 33 million users have been leaked. Twilio, the developer of Authy, has confirmed the related vulnerability.
23pds stated that many cryptocurrency practitioners use Authy and reminded users of this 2FA software to be cautious of phishing attacks.
According to a TechCrunch report, the well-known hacker group ShinyHunters claimed last week on a well-known hacker forum that they had hacked into Twilio and stolen 33 million phone numbers. Twilio spokesperson Kari Ramirez confirmed to TechCrunch on Tuesday (2nd) that the company “has detected threat actors being able to identify data related to Authy accounts, including phone numbers, due to an unauthenticated endpoint”. Twilio stated that it has taken action to secure the endpoint and no longer allows unauthenticated requests.
Ramirez said:
Rachel Tobac, a social engineering expert and CEO of SocialProof Security, stated in an interview that if attackers can enumerate a list of users’ phone numbers, they can impersonate Authy/Twilio to increase the credibility of phishing attacks against these phone numbers.