Twilio data breach gets a whole lot worse as it confirms hackers accessed Authy user phone numbers
Date:
Thu, 04 Jul 2024 11:00:38 +0000
Description:
Hackers know which numbers are used for Twilio's Authy service, increasing
the chances of successful smishing attacks.
FULL STORY ======================================================================
The recent data breach affecting Twilio may have taken a rather unfortunate extra turn after new reports claim the hackers can single out Authy users from the archives.
The infamous ShinyHunters hacking collective recently said it stole 33 million phone numbers from Twilio, and the company has now revealed that the attackers were able to determine which of those phone numbers are used for its Authy service.
For those unfamiliar with Authy, it is a popular multi-factor authentication (MFA) tool, which Twilio acquired back in 2015.
Impersonating Authy
Twilio spokesperson Kari Ramirez told TechCrunch the company has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. "We have taken action to secure this endpoint and no longer allow unauthenticated requests.
"We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data. As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks," Ramirez wrote in an email.
Knowing which phone numbers are used for Authy opens up new ways for hackers to conduct phishing attacks and bypass their victims' MFA.
For example, cybercriminals could impersonate Authy and reach out to the users via SMS and have them share time-sensitive codes to access different accounts.
"If attackers are able to enumerate a list of users' phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the believability in a phishing attack to that phone number," Rachel Tobac, CEO of SocialProof Security, told the publication.
Twilio is a cloud communications platform designed for companies looking to integrate real-time communications into their software applications.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/twilio-data-breach-gets-a-whole-lot-worse-as-it-confirms-hackers-accessed-authy-user-phone-numbers
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)