Twilio Confirms Hackers Identified 33 Million Authy Users' Phone Numbers via Unsecured API Endpoint

Jul 3, 2024, 04:48 PM

Twilio has confirmed that hackers identified the cell phone numbers of users of its two-factor authentication app, Authy. The breach, which involved an unsecured API endpoint, potentially exposed 33 million phone numbers last week. This exposure makes users vulnerable to smishing and SIM swapping attacks. Twilio acknowledged the incident but did not specify the exact number of affected users. The primary risk from this breach is the potential for more targeted phishing attacks, as reported by TechCrunch.