Hackers Manage to Access Millions Of Authy 2FA Phone Numbers

Image Source: Song_about_summer / Shutterstock

Cybercriminals have successfully acquired more than 33 million phone numbers from users of the two-factor authentication service Authy.

Authy is a popular security application that aids in handling authentication codes for different applications and online platforms, enhancing login security by requiring codes for a second layer of verification.

Twilio, the parent company of Authy, has confirmed the data breach to Bleeping Computer and has secured the impacted endpoint. As a precaution, it has also rolled out updates for Android and iOS devices.

Steps for Impacted Users

Users of Authy are unable to confirm if their phone numbers were included in the breach. While the phone numbers alone do not pose a direct threat, potential attacks could involve:

  • SMS attacks: Attempting to trick users into divulging authentication codes or installing malicious software.
  • SIM Swapping attacks: Usually requiring more personal information and involving the victim’s mobile service provider.

Attackers might attempt to connect phone numbers to their owners through online searches or other databases. Currently, the data in Authy remains secure despite the breach. It is worth noting that Twilio had previously experienced a data breach in 2022.

If this situation reminds you of LastPass, a password management tool with a history of security breaches, you are not mistaken. For Authy users, the breach raises concerns about the service's trustworthiness and about whether to move to a more secure service.

Switching from Authy to an Alternative Service

Moving away from Authy is not a simple process as it does not support exporting data. There is a workaround involving an older version of the desktop app, but this option may soon become unavailable due to Authy discontinuing the desktop program. Manual migration involves the following steps:

  • Sign in to the services where Authy creates codes.
  • Disable 2FA in the settings.
  • Re-enable 2FA using a new authenticator application.

Repeat these steps for each service. Once the migration is complete, remove each entry from Authy by long-pressing on the item and selecting the remove option. Notable alternatives include Aegis and Bitwarden Authenticator.
