{"id":239348,"date":"2024-07-03T16:56:26","date_gmt":"2024-07-03T16:56:26","guid":{"rendered":"https:\/\/michigandigitalnews.com\/index.php\/2024\/07\/03\/twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams\/"},"modified":"2025-06-25T17:15:34","modified_gmt":"2025-06-25T17:15:34","slug":"twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams","status":"publish","type":"post","link":"https:\/\/michigandigitalnews.com\/index.php\/2024\/07\/03\/twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams\/","title":{"rendered":"Twilio hack leaves Authy users exposed to text-messaging scams"},"content":{"rendered":"<p> [ad_1]<br \/>\n<\/p>\n<div>\n<p>If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, <a data-i13n=\"elm:context_link;elmt:doNotAffiliate;cpos:1;pos:1\" class=\"link \" href=\"https:\/\/techcrunch.com\/2024\/07\/03\/twilio-says-hackers-identified-cell-phone-numbers-of-two-factor-app-authy-users\/\" data-ylk=\"slk:confirmed;elm:context_link;elmt:doNotAffiliate;cpos:1;pos:1;itc:0;sec:content-canvas\">confirmed<\/a> to <em>TechCrunch<\/em> on Wednesday that hackers breached Twilio and acquired mobile phone numbers for 33 million users.<\/p>\n<p>Twilio published a <a data-i13n=\"elm:context_link;elmt:doNotAffiliate;cpos:2;pos:1\" class=\"link \" href=\"https:\/\/www.twilio.com\/en-us\/changelog\/Security_Alert_Authy_App_Android_iOS\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:statement;elm:context_link;elmt:doNotAffiliate;cpos:2;pos:1;itc:0;sec:content-canvas\">statement<\/a> on its website also confirming the hack. \u201cTwilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint,\u201d the statement reads. \u201cWe have taken action to secure this endpoint and no longer allow unauthenticated requests.\u201d<\/p>\n<p>The company added that there was no evidence that the hackers accessed Twilio\u2019s systems or sensitive data. But updating to the latest version of the iOS and Android apps (on any devices you\u2019re running) is critical as they include new security updates.<\/p>\n<p>Twilio stressed that Authy accounts weren\u2019t compromised. However, the hackers (and anyone they share the data with) could \u201ctry to use the phone number associated with Authy accounts for phishing and smishing attacks.\u201d<\/p>\n<p>If you aren\u2019t familiar with the term, smishing is the text-message equivalent of phishing. So, if you have an Authy account, be extra cautious about any unexpected texts that appear to come from trusted sources, especially Authy or Twilio.<\/p>\n<p>Rachel Tobac, a social engineering expert and CEO of SocialProof Security, illustrated to <em>TechCrunch<\/em> what that may look like. \u201cIf attackers are able to enumerate a list of user\u2019s phone numbers, then those attackers can pretend to be Authy\/Twilio to those users, increasing the believability in a phishing attack to that phone number,\u201d Tobac said.<\/p>\n<p>\u201cWe encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving,\u201d Twilio stressed.<\/p>\n<\/div>\n<p>[ad_2]<br \/>\n<br \/><a href=\"https:\/\/www.engadget.com\/twilio-hack-leaves-authy-users-exposed-to-text-messaging-scams-165156650.html?src=rss\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad_1] If you use Authy, update your app immediately. Twilio, the messaging company that owns the two-factor authentication service, confirmed to TechCrunch on Wednesday that<\/p>\n","protected":false},"author":1,"featured_media":239349,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[159],"tags":[],"_links":{"self":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/239348"}],"collection":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/comments?post=239348"}],"version-history":[{"count":0,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/239348\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/media\/239349"}],"wp:attachment":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/media?parent=239348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/categories?post=239348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/tags?post=239348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}