Unsecured Authy MFA API Exploited For Number Verification
Attackers reportedly exploited an unsecured API belonging to Authy, a multi-factor authentication (MFA) app, to falsely verify phone numbers. The activity exposes the phone numbers of millions of users to cyber threats.
Unsecured Authy API Exploited In Recent Attacks
Twilio, the parent firm behind the popular MFA app Authy, recently disclosed a security incident affecting its app. As explained in its security update, Twilio detected malicious abuse of the app to falsely verify millions of phone numbers.
Specifically, the as-yet-unidentified attackers abused an unsecured Authy API endpoint to obtain users’ data related to Authy, including their phone numbers. Twilio explains that attackers may use this data to target users with malicious activities such as SMS phishing and SIM swapping attacks.
Although the attackers accessed users’ data, Twilio confirmed that the incident had no impact on the Authy app’s structure, nor were any Authy accounts infiltrated. Instead, the breach happened solely because the unsecured endpoint allowed unauthenticated requests.
Upon detecting the issue, Twilio secured the exposed API endpoint. It now asks all users to update their Authy apps to the latest versions. The firm has released the update with Authy Android v25.1.0 and iOS App v26.1.0, available on the Google Play Store and Apple App Store, respectively.
The firm also asked users who may be having trouble accessing their Authy accounts to contact Twilio support for assistance.
While Twilio didn’t mention anything about the attackers’ identity, according to Bleeping Computer, the notorious ShinyHunters hacker group dumped a CSV text file of 33 million phone numbers on a dark web forum in June 2024. The poster claimed that these numbers had been registered with Authy. Bleeping Computer elaborated that the attackers fed a list of phone numbers to the unsecured Authy API endpoint to gather information about the accounts linked to the registered numbers.
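The pattern described above, one client feeding a long list of phone numbers to a lookup endpoint, stands out in API access logs. The following Python detection sketch is an added example, not Twilio's code or part of the original report; the log format, the /example/lookup path, the IP addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <client IP> auth=<none|token> GET <path> <status>"
# /example/lookup is a hypothetical path, not the real Authy endpoint.
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<ip>\S+) auth=(?P<auth>\S+) GET "
    r"/example/lookup\?phone=(?P<phone>\d+) (?P<status>\d{3})$"
)

def build_sample_log():
    """Constructed sample: one enumerating client, one ordinary client."""
    base = datetime(2024, 6, 1, 10, 0, 0)
    lines = []
    for i in range(30):  # 30 different numbers in 30 seconds, no credentials
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 auth=none GET /example/lookup?phone=1555010{i:04d} 200")
    for i in range(3):  # the same number three times, with a token
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.5 auth=token GET /example/lookup?phone=15550199999 200")
    return lines

def find_enumerators(lines, window=timedelta(seconds=60), threshold=20):
    """Flag clients that look up more than `threshold` distinct numbers per window."""
    recent = defaultdict(deque)  # ip -> (timestamp, phone) pairs still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other endpoints or malformed entries
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        q = recent[ip]
        q.append((ts, m["phone"]))
        while ts - q[0][0] > window:  # drop lookups older than the window
            q.popleft()
        distinct = len({phone for _, phone in q})
        if distinct > threshold:
            entry = flagged.setdefault(ip, {"peak_distinct": 0, "unauthenticated": False})
            entry["peak_distinct"] = max(entry["peak_distinct"], distinct)
            entry["unauthenticated"] |= m["auth"] == "none"
    return flagged

if __name__ == "__main__":
    for ip, info in find_enumerators(build_sample_log()).items():
        print(ip, info)
```

Counting distinct numbers rather than raw requests keeps a client that retries the same lookup from being flagged, while a client walking a list is caught even at a modest request rate.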