Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Lol it's taken me a while to come around to MFA (I used to hate it but I've started using open source MFA apps), but my hesitation to use proprietary solutions has proved smart.