Users of Twilio, the cloud-based communication service provider, are being alerted to a security breach affecting Authy, its platform for multi-factor authentication. It has been reported that a threat actor successfully accessed Authy’s end servers, potentially compromising user phone number data used for securing accounts.
The concern was raised after a threat group known as Shiny Hunters claimed on social media to have accessed data linked to more than 33 million phone numbers from Authy accounts. Authy, an integral security layer for Twilio introduced in 2015, aims to bolster account protection through multi-factor authentication.
To mitigate the impact of this breach, Twilio is advising all users to update their Android and iOS devices to the latest version of the Authy app immediately. This precaution is crucial as cybercriminals with access to phone number details could exploit them for phishing or smishing attacks via text messages.
Interestingly, this breach coincides with Twilio’s launch announcement of Flex, a mobile app designed for its Contact Center as a Service (CCaaS) platform. Flex supports both iOS and Android 11 and above, offering seamless integration with single sign-on functionality and on-premises customer data. The beta version of Flex is available for free download, while users with a Flex Only Mobile license can purchase and deploy the app for operational use.
In response to such incidents on cloud platforms, security experts strongly recommend promptly changing passwords associated with affected accounts to mitigate risks effectively.
