Hackers claim to have stolen 33 million phone numbers from US messaging giant Twilio, which confirmed to CyberGuys that the threat actors accessed data relating to its Authy two-factor authentication service.
While obtaining a list of phone numbers is not in itself the biggest cyber attack, it can still pose a threat to the owners of those numbers.
Hackers can use these numbers to Phishing Attacks“Twilio has since patched the app to prevent future security incidents and has issued warnings to users,” the company said in a statement.
To get security alerts, expert tips, sign up for Kurt’s newsletter – Cyberguy Report here
Illustration of a hacker at work (Kurt “Cyberguy” Knutson)
What you need to know
On July 3, a group of hackers known as ShinyHunters reportedly boasted on a hacking forum that they had stolen 33 million mobile phone numbers. Twilio said. He said the incident was “not a hack or breach,” but rather the threat actor exploited “an unauthenticated endpoint.” Put simply, the hacker exploited a specific part of Twilio’s systems that doesn’t require authentication.
The US messaging giant confirmed that hackers were able to identify data relating to Authy accounts, including phone numbers, but did not say how many accounts were affected. The company said it had no evidence to suggest the hackers accessed Twilio’s systems or other sensitive data.
Twilio provided the following statement to CyberGuy: “Twilio has detected that an unauthenticated endpoint enabled threat actors to identify data associated with Authy accounts, including phone numbers. We have taken steps to secure this endpoint and do not allow unauthenticated requests.”
“We have not seen any evidence that the threat actors accessed Twilio’s systems or other sensitive data. As a precautionary measure, we urge all Authy users to update to the latest Android and iOS apps for the latest security updates, and encourage them to remain vigilant and aware of phishing and smishing attacks.”
Click here to get FOX Business on the go
Illustration of a hacker at work (Kurt “Cyberguy” Knutson)
Banking Trojan targets more apps, putting Android users at risk
What do affected users need to do?
If you were affected by the Twilio security incident, the first thing you should do is download the latest version of the Authy app. Twilio has released a new version of the app that includes bug fixes and security updates. Android users Update the app from the Play StoreiPhone users should head over to the App Store.
Also, points to note are Phishing AttacksWhile your Authy account itself is secure, hackers may use the phone number linked to your account to launch phishing scams, meaning they could contact you pretending to be from Authy or Twilio in an attempt to trick you into giving up your personal information.
Hacker illustration (Kurt “Cyberguy” Knutson)
Android banking Trojan poses as Google Play to steal data
5 steps to protect your privacy and personal data
Hackers can exploit your personal information in a variety of ways, but there are steps you can take to prevent yourself from becoming a victim.
1. Deploy powerful antivirus software: Android has its own built-in anti-malware feature called Play Protect, but it’s not enough to stop all malicious software. Until now, Play Protect has not been 100% reliable in removing all known malware from your Android phone. The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to have antivirus protection installed on all your devices. This will also alert you to phishing emails and ransomware scams. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
2. Use identity theft protection services: Identity theft companies monitor personal information like social security numbers, phone numbers, and email addresses to alert you if it’s being sold on the dark web or used to open accounts, and they can also help freeze bank and credit card accounts to prevent further fraud by criminals.
Click here to read more US news
The biggest benefit of using some of the services is that they may include identity theft insurance. Up to $1 million to cover losses and legal costs And at the White Glove Fraud Resolution Team, U.S.-based case managers to help you recover your losses. Check out these tips and best choices for protecting yourself against identity theft.
3. Invest in a data deletion service: No service promises to delete all your data from the Internet, but if you want to constantly monitor and automate the process of continually deleting information from hundreds of sites over a long period of time, a deletion service can be a useful tool. Use my recommendations to remove your personal data from the internet.
4. Use multi-factor authentication: To enable Two-factor authentication It adds an extra layer of security beyond passwords to important accounts by requiring a second step, like a code sent to your mobile phone, to log in.
5. Use a VPN: To protect you from being tracked and to identify your potential location on websites you visit, consider using a VPN. Many sites can read your IP address and, depending on your privacy settings, may be able to see the city you’re communicating from. A VPN disguise your IP address to show a different location. For the best VPN software, check out my expert reviews of the best VPNs for browsing the web privately on your phone. Windows, Mac, Android and iOS devices.
How to lock hackers out of your digital accounts and outsmart criminals
Important points about the cart
Authy is a two-factor authentication service that users trust, but security flaws in the system are a reminder to users that no service is perfect. The service’s makers claim that hackers cannot access Authy accounts, which is reassuring. Companies should invest more in their security infrastructure to ensure that sensitive customer data is not easily compromised.
Click here to get the FOX News app
How do you think companies should improve their security practices to prevent incidents like the Twilio security incident? Cyberguy.com/Contact Us.
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter.
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
