Authy Users' Phone Numbers Compromised via Twilio API Vulnerability
Open link in next tab
Hackers abused API to verify millions of Authy MFA phone numbers
https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.