Hackers abused API to verify millions of Authy MFA phone numbers

www.bleepingcomputer.com

cross-posted to:
cybersecurity@sh.itjust.works

Hackers abused API to verify millions of Authy MFA phone numbers

www.bleepingcomputer.com

Resident Pulser@infosec.pubB to

Pulse of Truth@infosec.pubEnglish · 4 days ago

cross-posted to:
cybersecurity@sh.itjust.works

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.

You must log in or register to comment.

Chat