{"id":24818,"date":"2024-07-04T05:10:09","date_gmt":"2024-07-04T13:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/07\/04\/news-18548\/"},"modified":"2024-07-04T05:10:09","modified_gmt":"2024-07-04T13:10:09","slug":"news-18548","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/07\/04\/news-18548\/","title":{"rendered":"Authy phone numbers accessed by cybercriminals, warns Twilio"},"content":{"rendered":"\n

Twilio has warned users of the Authy<\/a> multi-factor authentication (MFA)<\/a> app about an incident in which cybercriminals may have obtained their phone numbers.<\/p>\n

Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of Authy multi-factor authentication users.<\/p>\n

Authy is an app that you install on your device which then produces a MFA code for you when logging into services.<\/p>\n

The cybercriminals were able test the validity of an enormous list of phone numbers against the unsecured API endpoint. If the number was valid, the endpoint would return information about the associated accounts registered with Authy.<\/p>\n

Twilio says it has seen no evidence of the attackers gaining access to Twilio\u2019s systems or other sensitive data, but as a precaution it is asking all Authy users to update to the latest Android<\/a> and iOS<\/a> apps.<\/p>\n

BleepingComputer notes<\/a> that a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.<\/p>\n

\n

\u201cIn late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.\u201d<\/p>\n<\/blockquote>\n

\"ShinyHunters<\/figure>\n

In that post, ShinyHunters suggests that buyers combine the data set with those leaked in the Gemini or Nexo data breaches. Nexo is a crypto platform where users can buy, exchange, and store Bitcoin and other cryptocurrencies. Gemini is another cryptocurrency exchange which has suffered several breaches in the past years.<\/p>\n

With matches between the data sets, a cybercriminal could engage in SIM-swapping<\/a> or phishing<\/a> attacks to steal the target\u2019s cryptocurrencies.<\/p>\n

If you are an Authy user we advise you to update at your earliest convenience and keep an eye out for any potential phishing messages.<\/p>\n

How to avoid being phished<\/h2>\n

Remember that phishing messages will try to rush you into making a decision by setting an ultimatum or otherwise imposing a sense of urgency. Don\u2019t let them rush you into an expensive mistake.<\/p>\n

There are a few tell-tale signs for phishing mails:<\/p>\n

    \n
  1. It asks you to update\/fill in personal information.<\/li>\n
  2. The URL on the email and the URL that displays when you hover over the link are different from one another.<\/li>\n
  3. The \u201cFrom\u201d address is not the legitimate address, although it may be a close imitation.<\/li>\n
  4. The formatting and design are different from what you usually receive from the impersonated brand.<\/li>\n
  5. The email contains an attachment you weren\u2019t expecting.<\/li>\n<\/ol>\n

    However, with the advancement of AI, phishing emails are getting more sophisticated. So if you have even a tiny amount of suspicion that something is phishy, don\u2019t hesitate to confirm the source of the email through another method. The chances of losing your money are much smaller after a quick call asking \u201cDid you send this?\u201d<\/p>\n

    \n

    We don’t just report on threats – we help safeguard your entire digital identit<\/strong>y<\/p>\n

    Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family’s\u2014personal information by using identity protection<\/a>.<\/p>\n

    https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    Authy users have been warned that their phone numbers have been obtained by cybercriminals that abused an unsecured API endpoint. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[14183,32,31616,5897,25846,31617],"class_list":["post-24818","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-authy","tag-news","tag-phone-numbers","tag-privacy","tag-twilio","tag-unsecured-api"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24818"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24818\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}