Hackers gain access to Authy 2FA accounts in Twilio breach

Authy, a two-factor authentication (2FA) service used by Twilio, was accessed by attackers after compromising the provider of programmable communication tools Twilio.

Researchers say the Twilio data breach is part of a larger campaign of cyberattacks targeting more than 300 organizations.

According to Twilio, the attackers who gained access to its infrastructure on August 4 were also able to access the accounts of 93 Authy users and linked devices to those accounts.

Although Twilio stated that the compromised Authy accounts belong to individual users and represent only a small fraction of the total of 75 million users, the 93 compromised users mean that the attackers were able to access the 2FA codes generated for the Authy users’ accounts.

Twilio revealed that 163 Twilio users whose data was accessed by the attackers for a limited period of time were notified by the company of the unauthorized access.

To protect their accounts, users are asked to review any linked account(s) for suspicious activity, review all devices connected to their Authy accounts, and add a backup device while disabling “Allow Multi-device” in the Authy application.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web