all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

Hackers abused API to verify millions of Authy MFA phone numbers

Add to bookmarks
July 3, 2024, 4:43 p.m. | Lawrence Abrams

BleepingComputer www.bleepingcomputer.com

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. [...]

api attacks authentication authy endpoint factor hackers making mfa millions multi-factor multi-factor authentication numbers phishing phone phone numbers security sim sim swapping sim swapping attacks sms sms phishing threat threat actors twilio unsecured verify vulnerable

Visit resource

More from www.bleepingcomputer.com / BleepingComputer

Cloudflare blames recent outage on BGP hijacking incident 15 hours ago | www.bleepingcomputer.com
1.1.1 1.1.1.1 bgp border +17
Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion 17 hours ago | www.bleepingcomputer.com
amp barcode claim data +15
New Eldorado ransomware targets Windows, VMware ESXi VMs 18 hours ago | www.bleepingcomputer.com
as-a-service called esxi locker +9
Ethereum mailing list breach exposes 35,000 to crypto draining attack 1 day, 18 hours ago | www.bleepingcomputer.com
actor addresses attack breach +15
Hackers attack HFS servers to drop malware and Monero miners 1 day, 21 hours ago | www.bleepingcomputer.com
attack cryptocurrency cryptocurrency mining file +12
HealthEquity data breach exposes protected health information 2 days, 14 hours ago | www.bleepingcomputer.com
access account breach compromised +13
OVHcloud blames record-breaking DDoS attack on MikroTik botnet 2 days, 16 hours ago | www.bleepingcomputer.com
attack botnet breaking cloud +21
Hackers abused API to verify millions of Authy MFA phone numbers 2 days, 17 hours ago | www.bleepingcomputer.com
api attacks authentication authy +24
Formula 1 governing body discloses data breach after email hacks 2 days, 18 hours ago | www.bleepingcomputer.com
access accounts attack attackers +14

Jobs in InfoSec / Cybersecurity

Find Talent

Application Developer with Python

@ Node.Digital | Arlington, Virginia, United States
View on infosec-jobs.com

Data Analytics Consulting Analyst/Associate (2025 Bachelor's/Master's graduates)

@ Charles River Associates | Boston, MA; New York City; Summit, NJ; San Francisco, CA; Washington, DC
View on infosec-jobs.com

Systems Engineer - Principal I

@ Node.Digital | Dulles, Virginia, United States
View on infosec-jobs.com

Analyste Systèmes Informatiques 5

@ Bombardier | Dorval, Québec, CA, H4S 1Y9
View on infosec-jobs.com

Logistics Driver (Part-Time)

@ Forensic Access Group | Nuneaton, Warwickshire, United Kingdom
View on infosec-jobs.com

Customer Success Manager

@ Cyderes | United States
View on infosec-jobs.com