
Authy 2FA app leaked phone numbers that may be used for text phishing

News Feed - 2024-07-04 05:07:00

Christopher Roark

Twilio, the developer of the Authy authenticator app, said user phone numbers were leaked to attackers but accounts themselves were not compromised.

Hackers gained access to the Authy Android app database and “were able to identify data associated with [accounts], including phone numbers,” according to a July 1 security alert post issued by the app’s developer, Twilio.


The accounts themselves “are not compromised,” the post stated, implying that the attackers were not able to gain authentication credentials. However, the exposed phone numbers may be used for “phishing and smishing attacks” in the future. Because of this risk, Twilio encouraged Authy users to “stay diligent and have heightened awareness around the texts they are receiving.”

Twilio security alert regarding Authy data breach. Source: Twilio




Centralized exchange users often rely on Authy for two-factor authentication (2FA). It generates a code on the user’s device, which the exchange may ask for before it performs withdrawals, transfers or other sensitive tasks. Exchanges Gemini and Crypto.com both use Authy as their default 2FA app, and Coinbase, Binance and many other exchanges allow it as an option.


Authy is sometimes compared to Google’s Authenticator app, which has a similar purpose and is a competitor.


The attacker gained access through an “unauthenticated endpoint,” according to the post. The team has secured this endpoint, and the app no longer accepts unauthenticated requests going forward. It encouraged users to upgrade to the latest version of the app, which contains security improvements.
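The weakness described above is a lookup route that answers requests carrying no credentials. As an added example (not code from Twilio or from this article), the following detection logic scans access logs for a single client querying many distinct phone numbers without authentication; the log format, the route `/example/registration/status` and the thresholds are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: "<epoch> <client-ip> auth=<none|token> GET <path>?phone=<digits>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<ip>\S+) auth=(?P<auth>\S+) GET "
    r"(?P<path>[^?\s]+)\?phone=(?P<phone>\d+)$"
)
LOOKUP_PATH = "/example/registration/status"  # placeholder route, not a real Authy path

def bulk_unauthenticated_lookups(lines, window_s=60, max_distinct=3):
    """Map client IP -> peak count of distinct phone numbers it queried without
    credentials inside any window_s-second window, for clients over max_distinct."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["path"] != LOOKUP_PATH or m["auth"] != "none":
            continue  # skip malformed lines, other routes and authenticated calls
        events[m["ip"]].append((int(m["ts"]), m["phone"]))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        in_window = Counter()  # phone -> hits inside the current window
        start = peak = 0
        for ts, phone in evs:
            in_window[phone] += 1
            # Advance the left edge until the window spans at most window_s seconds.
            while evs[start][0] < ts - window_s:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            flagged[ip] = peak
    return flagged

# Constructed sample: a client walking through numbers, a client retrying one
# number, an authenticated client, and a slow client spread over minutes.
SAMPLE_LOG = (
    [f"{1000 + 2 * i} 198.51.100.9 auth=none GET {LOOKUP_PATH}?phone=1555010000{i}" for i in range(5)]
    + [f"{1000 + i} 203.0.113.20 auth=none GET {LOOKUP_PATH}?phone=15550100042" for i in range(6)]
    + [f"{1000 + i} 192.0.2.33 auth=token GET {LOOKUP_PATH}?phone=1555010010{i}" for i in range(5)]
    + [f"{1000 + 100 * i} 192.0.2.77 auth=none GET {LOOKUP_PATH}?phone=1555010020{i}" for i in range(5)]
)

print(bulk_unauthenticated_lookups(SAMPLE_LOG))
```

Counting distinct numbers rather than raw requests keeps a user who retries their own number from being flagged; a longer-window rule alongside this one covers clients that spread lookups out over time.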


Twilio claimed that users’ authenticator codes have not been compromised, so the attackers should not be able to access their exchange accounts. “We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” the company stated.


According to a report from Seeking Alpha, the hack was performed by the ShinyHunters cybercriminal group, which “leaked a text file that purportedly shows the 33M phone numbers registered with Authy.” In 2021, cybersecurity blog Restoreprivacy reported that this same criminal group was responsible for an AT&T data breach that resulted in the data of 51 million customers being released online.


Authenticator apps were developed to prevent SIM swap attacks, a type of social engineering scheme that involves convincing a phone company to transfer a user’s phone number to the attacker. Once the attacker gains control of the user’s phone account, they use it to receive the user’s 2FA codes without needing to physically possess the user’s phone.


This type of attack is still prevalent today, as some users still receive 2FA codes through text messaging instead of through an app. On June 12, blockchain security firm SlowMist reported that millions of dollars were recently lost by OKX users due to SIM swap attacks.

