Authy phone numbers accessed by cybercriminals, warns Twilio

Twilio has warned users of the Authy multi-factor authentication (MFA) app about an incident in which cybercriminals may have obtained their phone numbers.

Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of Authy multi-factor authentication users.

Authy is an app that you install on your device which then produces a MFA code for you when logging into services.

The cybercriminals were able test the validity of an …

api app application application programming interface authentication authy cybercriminals endpoint factor incident interface may mfa millions multi-factor multi-factor authentication numbers phone phone numbers programming twilio unsecured verify