Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
    • evo@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      That is exactly like saying having a separate deadbolt on your door is adding another attack vector…

    • Bezier@suppo.fi
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      That’s like saying that the second key of a 2-key nuke launch console is an extra attack vector.

    • limerod@reddthat.comOPM
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      The breach was because of an unsecured API endpoint. No actual auth codes were leaked. without 2FA the attacker would just need your password and email to get account access.