Twilio, an online communications company, was the subject of a cyberattack earlier this month, but today the company has confirmed that the attack was bigger in scope than it initially announced. The announcement from early August said that 100 Twilio customers had their information accessed by outside sources as a result of Twilio employees being phished. Now the company has announced that 93 Authy app users have also had select information compromised.
Authy is a two-factor authentication app owned by Twilio, so a breach can’t get much worse for consumers than having their security information compromised. Following an internal investigation, Twilio says that 93 accounts were accessed and had additional unauthorized devices added to them. The company confirmed that it had “identified and removed unauthorized devices” from all impacted accounts.
The reason these devices were added was essentially to create devices capable of bypassing specific users’ two-factor authentication in order to gain even more information about their various other accounts that rely on Authy for security. Other than providing the number of accounts that were breached, Twilio didn’t give any specific details regarding what user information may have been accessed through Authy accounts.
The attack seems to be tied to the hacker group “Oktapus” which has laid claim to numerous company information breaches over the last six months, including a breach of DoorDash, which was reported earlier this week.
Twilio says that it has already reached out to all 93 account owners to let them know that were affected by the breach and that their information is at risk. If you didn’t hear from the company, you’re likely a part of the roughly 75 million Authy users that got through the breach unaffected. It’s still not a bad idea to check your Authy account information to make sure that nothing suspicious is going on there.
In addition to changing any passwords associated with your Authy account, Twilio recommends looking in your account settings to “review all devices tied to (your) Authy account” in order to make sure that only authorized devices are connected. The company also advises users to disable the “Allow Multi-Device” setting in their account to restrict the devices linked to it.
Related Posts
You could soon ask ChatGPT how healthy your week really was
As noted by MacRumors, Strings inside the app reference health categories such as activity, sleep, diet, breathing, and hearing, suggesting the range of data that could be shared.
Samsung Galaxy Z TriFold is cool, but I’m more psyched about the future it teases
It’s surreal to see a device like that come to life. At least on the global stage. Huawei has already done it a couple of times with the dual-folding Mate XT pair, but that device leaves an exposed screen edge, runs a non-Android experience, and remains far away from the Western markets, including the US.
Google Photos Recap is here and the 2025 edition has a narcissism meter too
Gemini scans your library to identify themes, milestones, trips, and things you photographed often.