Hackers Exploit Twilio API to Verify MFA Phone Numbers


A vulnerability in an unauthenticated endpoint allowed threat actors to identify phone numbers associated with Authy accounts. The endpoint has since been secured to prevent unauthorized access. Although there is no evidence of attackers accessing internal systems or other sensitive data, it is crucial to implement additional security measures to mitigate potential phishing attacks exploiting the leaked phone numbers.

An unauthenticated endpoint in Twilio’s Authy app allowed malicious actors to identify user phone numbers. While no evidence suggests a broader system intrusion or sensitive data exposure, Twilio urges all Authy users to update their Android and iOS apps to mitigate the risk of phishing and smishing attacks exploiting the exposed phone numbers.

Authy users should remain vigilant and carefully examine any suspicious text messages. A new software update for both Android and iOS devices includes various bug fixes, among them fixes for security vulnerabilities.

It is imperative to install this update promptly to maintain device functionality and integrity.

Android users can download the update via a provided link, while iOS users can acquire it through the standard software update process on their devices.

Twilio acknowledges the security incident and apologizes for the disruption. Their Security Incident Response Team (T-SIRT) is currently investigating and will provide updates as the situation evolves.

This incident highlights the critical role of T-SIRT in proactively identifying security vulnerabilities, implementing preventative measures, and taking corrective actions in the event of a breach.

T-SIRT’s swift response and ongoing communication are essential to minimizing the impact of security incidents and maintaining customer trust.

If users encounter login issues or have lost access to their registered phone number, they should contact Authy support.

Authy specialists will assist with restoring access to the account, which may involve troubleshooting login problems or initiating a phone number change procedure.


July 5th, 2024 | BOTNET, Compromised, Exploitation, Internet Security, Security Advisory, Security Update

About the Author:

FirstHackersNews- Identifies Security
