Hackers stole 33 million phone numbers from Authy users

Twilio has confirmed a data breach affecting 33 million users.

Image via Twilio

A hacker group came forward last week claiming to have stolen the phone numbers of millions from Twilio, a communications company. Now, Twilio has confirmed the data breach, stating that the hacker group specifically breached Authy, the two-factor authentication service, stealing the phone numbers of 33 million users.

Twilio confirmed the data breach in a statement to TechCrunch. “We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” wrote spokesperson Kari Ramirez. “As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks.”

The Authy logo on a white background.
Source: Twilio

Twilio notified users of the data breach in a security alert on its website. The company says the breach happened “due to an unauthenticated endpoint.” They also state that they’ve taken steps to prevent such a breach from happening again in the future.

If you use Authy, you should follow Twilio’s advice and update your mobile app. If there are any updates to this story, we’ll be sure add that information to this article.

News Editor

Donovan is a young journalist from Maryland, who likes to game. His oldest gaming memory is playing Pajama Sam on his mom's desktop during weekends. Pokémon Emerald, Halo 2, and the original Star Wars Battlefront 2 were some of the most influential titles in awakening his love for video games. After interning for Shacknews throughout college, Donovan graduated from Bowie State University in 2020 with a major in broadcast journalism and joined the team full-time. He is a huge Scream nerd and film fanatic that will talk with you about movies and games all day. You can follow him on twitter @Donimals_

From The Chatty
  • reply
    July 3, 2024 3:20 PM

    Donovan Erskine posted a new article, Hackers stole 33 million phone numbers from Authy users

    • reply
      July 3, 2024 3:24 PM

      The company says the breach happened “due to an unauthenticated endpoint.”

      Bruh. Wtf.

    • reply
      July 4, 2024 8:43 AM

      Really makes me want to use their authentication service

    • reply
      July 4, 2024 11:19 AM

      The possibility of something like this or worse happening is why I never switched to Authy in the first place.

      • reply
        July 4, 2024 11:51 AM

        What authenticator do you use instead that wouldn't have a similar risk of exposure?

        • reply
          July 4, 2024 12:07 PM

          I've been using Google Authenticator since long before they started doing any syncing (which I'm not entirely happy about).

          The whole point of 2FA is that you're authenticating with something that only you have access to. Syncing those codes through a 3rd party, and especially a 3rd party with no track record (as was the case when people started switching to Authy) defeats that purpose.

Hello, Meet Lola