Fun

Authy 2FA app leaked phone numbers that may be used for text phishing

News Feed - 2024-07-04 05:07:00

Christopher Roark3 hours agoAuthy 2FA app leaked phone numbers that may be used for text phishingTwilio, the developer of the Authy authenticator app, said user phone numbers were leaked to attackers but accounts themselves were not compromised.796 Total views11 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksHackers gained access to the Authy Android app database and “were able to identify data associated with [accounts], including phone numbers,” according to a July 1 security alert post issued by the app’s developer, Twilio.


The accounts themselves “are not compromised,” the post stated, implying that the attackers were not able to gain authentication credentials. However, the exposed phone numbers may be used for “phishing and smishing attacks” in the future. Because of this risk, Twilio encouraged Authy users to “stay diligent and have heightened awareness around the texts they are receiving.”Twilio security alert regarding Authy data breach. Source: Twilio


Related:What is a phishing attack in crypto, and how to prevent it?


Centralized exchange users often rely on Authy for two-factor authentication (2FA). It generates a code on the user’s device, which the exchange may ask for before it performs withdrawals, transfers or other sensitive tasks. Exchanges Gemini and Crypto.com both use Authy as their default 2FA app, and Coinbase, Binance and many other exchanges allow it as an option.


Authy is sometimes compared to Google’s Authenticator app, which has a similar purpose and is a competitor.


The attacker gained access through an “unauthenticated endpoint,” according to the post. The team has secured this endpoint, and the app no longer accepts unauthenticated requests going forward. It encouraged users to upgrade to the latest version of the app, which contains security improvements.


Twilio claimed that users’ authenticator codes have not been compromised, so the attackers should not be able to access their exchange accounts. “We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data,” the company stated.


According to a report from Seeking Alpha, the hack was performed by the ShinyHunters cybercriminal group, which “leaked a text file that purportedly shows the 33M phone numbers registered with Authy.” In 2021, cybersecurity blog Restoreprivacy reported that this same criminal group was responsible for an AT&T data breach that resulted in the data of 51 million customers being released online.


Authenticator apps were developed to prevent SIM swap attacks, a type of social engineering scheme that involves convincing a phone company to transfer a user’s phone number to the attacker. Once the attacker gains control of the user’s phone account, they use it to receive the user’s 2FA codes without needing to physically possess the user’s phone.


This type of attack is still prevalent today, as some users still receive 2FA codes through text messaging instead of through an app. On June 12, blockchain security firm SlowMist reported that millions of dollars were recently lost by OKX users due to SIM swap attacks.


Magazine: Crypto-Sec: Phishing scammer targets Hedera users, address poisoner gets $70K# Blockchain# Business# Hackers# Authentication# Cryptocurrency Exchange# Cybersecurity# HacksAdd reaction

News Feed

Russia Can’t Do Without Cross-Border Crypto Payments, Consensus Reached
Russia Can’t Do Without Cross-Border Crypto Payments, Consensus Reached Key government institutions have agreed that Russia needs to legalize crypto payments for international se
Mystery malware targets Call of Duty cheaters, stealing their Bitcoin
Jesse Coghlan5 hours agoMystery malware targets Call of Duty cheaters, stealing their BitcoinMalware database vx-underground has warned of a new info-stealing malware in cyberspace that is targeting video gamers, especia
India’s Prime Minister Modi Calls for Global Collaboration on Crypto — Says ‘We Have to Have a Similar Mindset’
India"s Prime Minister Modi Calls for Global Collaboration on Crypto — Says "We Have to Have a Similar Mindset" India’s prime minister, Narendra Modi, has called on govern
Solana Forms Bullish Flag On Daily Chart — Breakout Imminent?
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Bank of Spain Governor Warns About Traditional Banking’s Exposure to Crypto Assets
Bank of Spain Governor Warns About Traditional Banking"s Exposure to Crypto Assets The Governor of the Bank of Spain has alerted the public about the risks mixing traditional banks
Tristan Greene5 hours agoNYU law professors argue ‘personal growth bets’ using smart contracts should be legalThe duo’s paper says self-contracts can help a user quit smoking or lose weight, but incentives such as
Ana Paula Pereira6 hours agoElon Musk calls for AI regulatory oversight: ReportIn a keynote address at a Chinese government-backed AI conference, Musk noted that governments should be concerned about deep intelligence.10
Web3 and Crypto Checking Account Startup Juno Raises $18M, Airdrops Reward Token JCOIN
Web3 and Crypto Checking Account Startup Juno Raises $18M, Airdrops Reward Token JCOIN Juno, the Singapore-based Web3 crypto firm that offers customers checking accounts tied to cr
Tom Blackstone3 hours agoChatGPT launches new feature that lets subscribers make their own GPTsThe ‘GPTs’ feature potentially reduces the need for paid subscribers to enter complex prompts, the OpenAI team claimed.15
Bitcoin just printed a $20K monthly candle — Its biggest ever in USD
William Suberg2 hours agoBitcoin just printed a $20K monthly candle — Its biggest ever in USDBTC price returns are already hitting records, with Bitcoin eyeing an attack on all-time highs after preserving $60,000.1840
Celestials Stellar Club Announces NFT Collection Minting Date March 14 2022
Celestials Stellar Club Announces NFT Collection Minting Date March 14 2022 press release PRESS RELEASE. Looking for an exciting new NFT collection to be a part of? Look no further
Citizens Trust Bank to Hold $65 Million in USDC Reserves as Circle Expands Bank Partnerships
Citizens Trust Bank to Hold $65 Million in USDC Reserves as Circle Expands Bank Partnerships On Friday, the cryptocurrency firm and stablecoin issuer Circle announced that the fina