Some Authy accounts have been compromised due to a bug in Twilio.
Several Authy accounts were compromised after the Twilio hack. There were few affected accounts, but it’s pretty scary
Secure instant messaging app Signal is not the only platform that has experienced the recent Twilio data breach. In a statement released August 24 and spotted by TechCrunch, the company explains that the hackers had access to 93 individual Authy accounts. The platform is one of the most popular two-factor authentication services on the market. It was acquired by Twilio in 2015 and now has about 75 million users.
Multiple Authy accounts compromised after Twilio hack
According to Twilio, hackers used the access they gained to enroll new devices in 93 accounts affected by the vulnerability. In other words, they had the ability to use software to generate identification codes. The company has since “identified and removed unauthorized devices”on those 93 accounts. Twilio also clarified that affected users should check their recent logins to look for any signs of suspicious activity. The company also recommends that such users carefully double-check their list of authorized devices and disable the “Allow multiple devices”option.
There were few affected accounts, but it’s pretty scary
A few days ago, Twilio also stated that it had more or less proof that the data of 163 of its customers was available for a “limited period of time”due to a hack. The company has previously given a figure of 125. Although proportionally very low, this is a worst-case scenario for interested users. Adding two-factor authentication to your accounts is one of the most effective ways to protect yourself online; the fact that a hacker can compromise this system, even temporarily, is really frightening. Let’s hope in any case that Twilion will take advantage of the incident to further strengthen their security and that this will not happen again.
Leave a Reply