Twilio reports that hackers have identified the cell phone numbers of Authy users using its two-factor authentication app

Last week, Twilio, a major U.S. messaging platform, faced a security breach where hackers claimed to have obtained 33 million phone numbers, primarily from users of Authy, Twilio’s popular two-factor authentication app. Confirming the incident, Twilio spokesperson Kari Ramirez informed TechCrunch that the breach exploited an unauthenticated endpoint, allowing threat actors to access phone number data associated with Authy accounts. Twilio promptly secured the endpoint to prevent further unauthorized access.

Ramirez emphasized that there’s no evidence suggesting the hackers accessed Twilio’s systems or sensitive data beyond phone numbers. However, as a precaution, Twilio urged all Authy users to update their Android and iOS apps for enhanced security measures. The company also advised users to remain vigilant against phishing and smishing attacks, highlighting the importance of heightened awareness.

Twilio’s response includes ongoing efforts to safeguard user data and maintain transparency with its customers, as evidenced by the alert posted on its official website to notify users and provide security recommendations.