Analysis Summary

Twilio, a cloud communications provider, has disclosed that anonymous threat actors exploited an Authy unauthenticated endpoint to find information linked to Authy accounts, including phone numbers.

The company added that after taking precautions, the endpoint is now safe and would only accept authenticated requests. This happened just a few days after a threat actor posted a database on dark web forums that purportedly had 33 million phone numbers that were taken from Authy accounts. Twilio has owned Authy since 2015. Authy is a well-known two-factor authentication (2FA) service that strengthens account security.

According to the company, there is no proof that threat actors were able to access any sensitive data or Twilio's servers. However, it advises users to update their iOS (version 26.1.0 or later) and Android (version 25.1.0 or later) apps to the most recent version out of an abundance of caution.

Additionally, it issued a warning that phishing and smishing attempts might try to leverage the phone number linked to Authy accounts by threat actors. All Authy users are urged by the company to remain vigilant and pay close attention to the texts they receive.

Impact

• Exposure of Data
• Identity Theft

Remediation

• Ensure all operating systems and software are up to date with the latest security patches.
• Employ reliable antivirus and antimalware software to detect and block known threats.
• Regularly update these tools to maintain the latest threat intelligence.
• Implement IDPS to detect and prevent unusual network activity, system behavior, or similar threats.
• Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Use email filtering solutions to block malicious attachments and links that may deliver malware to users via phishing emails.
• Segment your network to limit lateral movement for attackers.
• Employ application whitelisting to only allow approved software to run on systems, reducing the risk of unauthorized applications being executed.
• Implement robust monitoring solutions to detect any unusual or suspicious activities, such as unauthorized access attempts or data exfiltration. Establish an effective incident response plan to respond to and mitigate any potential breaches quickly.
• Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that info-stealers and other types of malware could exploit.