Skip to main content
  1. Home
  2. Mobile
  3. News

Hackers breached 2FA accounts of some Authy users, Twilio confirms

By

Twilio, an online communications company, was the subject of a cyberattack earlier this month, but today the company has confirmed that the attack was bigger in scope than it initially announced. The announcement from early August said that 100 Twilio customers had their information accessed by outside sources as a result of Twilio employees being phished. Now the company has announced that 93 Authy app users have also had select information compromised.

What at Authy was breached

Authy is a two-factor authentication app owned by Twilio, so a breach can’t get much worse for consumers than having their security information compromised. Following an internal investigation, Twilio says that 93 accounts were accessed and had additional unauthorized devices added to them. The company confirmed that it had “identified and removed unauthorized devices” from all impacted accounts.

Authy logo against a black and white background.
Authy (logo)

The reason these devices were added was essentially to create devices capable of bypassing specific users’ two-factor authentication in order to gain even more information about their various other accounts that rely on Authy for security. Other than providing the number of accounts that were breached, Twilio didn’t give any specific details regarding what user information may have been accessed through Authy accounts.

Recommended Videos

The attack seems to be tied to the hacker group “Oktapus” which has laid claim to numerous company information breaches over the last six months, including a breach of DoorDash, which was reported earlier this week.

Related

How to know if your Authy account is affected

Twilio says that it has already reached out to all 93 account owners to let them know that were affected by the breach and that their information is at risk. If you didn’t hear from the company, you’re likely a part of the roughly 75 million Authy users that got through the breach unaffected. It’s still not a bad idea to check your Authy account information to make sure that nothing suspicious is going on there.

In addition to changing any passwords associated with your Authy account, Twilio recommends looking in your account settings to “review all devices tied to (your) Authy account” in order to make sure that only authorized devices are connected. The company also advises users to disable the “Allow Multi-Device” setting in their account to restrict the devices linked to it.

Editors' Recommendations

Topics
Peter Hunt Szpytek
Peter Hunt Szpytek
Mobile Writer
A podcast host and journalist, Peter covers mobile news with Digital Trends and gaming news, reviews, and guides for sites…
Samsung Galaxy Ring: news, rumored price, release date, and more
Three sizes of the Samsung Galaxy Ring, sitting on top of a white display case.

The smart ring market has been dominated by the Oura Ring so far, but that is about to change with the upcoming launch of the Samsung Galaxy Ring. The ring was teased at Samsung's Unpacked event in January and then again at Mobile World Congress (MWC) in February.

The Galaxy Ring is expected to come with various health sensors to help you track your physical fitness and daily activities — all with the backing of Samsung Health. It's one of the most highly anticipated releases of the year, and this is everything we know about it (so far).
Samsung Galaxy Ring: release date

Read more
Did you buy a Google Pixel 8a? These are the first 9 things you need to do
Google Pixel 8a in Aloe.

Ahead of Google I/O 2024, Google revealed the Google Pixel 8a, and it’s turning out to be one of the best phone values in a while. It boasts a beautiful OLED display that now sports a 120Hz refresh rate, the Tensor G3 chip, Gemini Nano, a larger battery, wireless charging, and a refreshed design with some fun new colors. In short, there's a lot to dig into.

There is definitely a lot to like about the Google Pixel 8a, and as such, we don't blame you if you aren't sure where to start. If you just picked one up, then make sure you do these things first!
Turn on Smooth Display

Read more
The 4 biggest things Google didn’t announce at Google I/O 2024
A photo of Sundar at the Google I/O 2024 keynote.

Google’s big keynote at its I/O 2024 developer conference was mostly focused on Gemini, its AI tool. There are big changes coming to Google Search, Google Photos, Google Workspaces, Android 15, and more, as expected.

If you were expecting more from the Google I/O keynote that didn’t involve Gemini AI, then you may be disappointed. There were no hardware announcements, though there was a possible tease of something in the future.

Read more