Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Authy is a mobile app that generates multi-factor authentication codes at websites where you have MFA enabled.
In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA
https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA
Your new post is loading...
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Authy is a mobile app that generates multi-factor authentication codes at websites where you have MFA enabled.
In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA
https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA