Authy Users' Phone Numbers Compromised via Twilio API Vulnerability
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Hackers abused API to verify millions of Authy MFA phone numbers
You're viewing a single thread.
So for common folk like myself, what do I need to do? I used Authy for a few sites. Can a bad actor pretending to be me now get access to those sites?
I swapped to aegis from authy