Twilio Faces Security Breach: 33 Million Phone Numbers Stolen
Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. This breach has raised concerns about the security of user data, particularly for those who use Authy, a popular two-factor authentication app owned by Twilio.
The hacker, known as ShinyHunters, posted on a hacking forum detailing the breach and claiming to have obtained the phone numbers of 33 million users. Twilio has since confirmed the breach, stating that “threat actors” were able to access data associated with Authy accounts, including phone numbers, through an unauthenticated endpoint.
Twilio’s spokesperson, Kari Ramirez, reassured users that there is no evidence of the threat actors gaining access to Twilio’s systems or other sensitive data. However, as a precautionary measure, Twilio is urging all Authy users to update their apps for the latest security updates and to remain vigilant against phishing attacks.
While the theft of phone numbers may not seem like a major threat on its own, it opens up the possibility for targeted phishing attacks. Rachel Tobac, an expert in social engineering, warned that attackers could use the stolen phone numbers to impersonate Authy or Twilio and deceive users into sharing sensitive information.
In a previous data breach in 2022, Twilio faced a similar incident where hackers targeted Authy users and stole two-factor codes. This current breach serves as a reminder of the importance of maintaining strong security measures and staying cautious online.
Twilio has published a security alert on its website urging users to update their apps and be aware of potential threats. As the company works to tighten its security measures, it is essential for users to remain vigilant and protect their personal information.