Hackers Manage to Access Millions Of Authy 2FA Phone Numbers

Image Source: Song_about_summer / Shutterstock

Cybercriminals have successfully acquired more than 33 million phone numbers from users of the two-factor authentication service Authy.

Authy is a popular security application that aids in handling authentication codes for different applications and online platforms, enhancing login security by requiring codes for a second layer of verification.

Twilio, the parent company of Authy, has confirmed the occurrence of the data breach to Bleeping Computer and has taken measures to secure the impacted endpoint. Moreover, updates have been rolled out for Android and iOS devices as a precaution.

Steps for Impacted Users

Users of Authy are unable to confirm if their phone numbers were included in the breach. While the phone numbers alone do not pose a direct threat, potential attacks could involve:

  • SMS attacks: Attempting to trick users into divulging authentication codes or installing malicious software.
  • SIM Swapping attacks: Usually requiring more personal information and involving the victim’s mobile service provider.

Attackers might attempt to connect phone numbers to their owners through online searches or other databases. Currently, the data in Authy remains secure despite the breach. It is worth noting that Twilio had previously experienced a data breach in 2022.

If this situation reminds you of LastPass, a password management tool with a history of security breaches, you are not mistaken. For Authy users, the breach raises concerns about the service's trustworthiness and the question of whether to move to a more secure service.

Switching from Authy to an Alternative Service

Moving away from Authy is not a simple process as it does not support exporting data. There is a workaround involving an older version of the desktop app, but this option may soon become unavailable due to Authy discontinuing the desktop program. Manual migration involves the following steps:

  • Sign in to the services where Authy creates codes.
  • Disable 2FA in the settings.
  • Re-enable 2FA using a new authenticator application.

Repeat these steps for each service. Once the migration is complete, remove each entry from Authy by long-pressing on the item and selecting the remove option. For notable alternatives, consider exploring Aegis or Bitwarden Authenticator.
