2FA hack reveals personal info on millions of people
Security is not something any of us get to ignore, and with so much of our lives tied to various accounts and services, protecting that access is critical. Users interested in making things as difficult as possible for hackers often look for login options that support two-factor authentication, preventing bad actors from messing with your data using a stolen password alone. Of course, that makes 2FA solutions themselves a prime target, and that's just what Twilio has been dealing with recently, as an API vulnerability exposed some Authy user data.

Authy is one of the more popular 2FA apps around, competing with the likes of Google's own Authenticator. BleepingComputer reports that just about a week ago, hackers shared a data set consisting of some 33 million entries, connecting account IDs to user phone numbers. Twilio confirmed to the site that this data was scraped by way of a hacker connecting to a previously unsecured API endpoint — essentially, they could just run through a list of every possible phone number, and if one of them was associated with a registered Authy user, the API would respond with the linked account info.

To be clear, none of this exfiltrated data includes any passwords or anything that would directly provide access to your Authy account. But that said, your phone number is still very much personally identifiable information and could be combined with other data sets to become an increasingly useful (or, to you, threatening) profile for someone interested in compromising your security. As BleepingComputer notes, the references to “gemini” and “nexo” databases you see above are explicit instructions for this kind of cross-referencing.

Twilio has since shut down the exposed API that made this leak possible and advises updating Authy on your phone, but that sounds more like best practices than a specific fix for anything related to this attack.
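
As an added example (not part of the original article and not Twilio's code), here is one way a defender could spot the phone-number enumeration described above in API access logs. The log format (timestamp, client IP, queried number, HTTP status), the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample lines: '<iso timestamp> <client ip> <phone> <status>'."""
    base = datetime(2024, 7, 1, 12, 0, 0)
    lines = []
    # A scraper walking sequential numbers: 40 lookups in 40 seconds, mostly misses.
    for i in range(40):
        status = 200 if i % 8 == 0 else 404
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 +1555010{i:04d} {status}")
    # An ordinary client: repeated lookups of the same two numbers.
    for i in range(6):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.20 +1555019000{i % 2} 200")
    return sorted(lines)  # ISO timestamps sort chronologically


def find_enumerators(lines, window=timedelta(seconds=60), max_distinct=20):
    """Return {client: peak count of distinct numbers queried inside one window}
    for every client that exceeds max_distinct. Lines must be in time order."""
    recent = defaultdict(deque)  # client -> (timestamp, phone) pairs still in the window
    flagged = {}
    for line in lines:
        ts_raw, client, phone, _status = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[client]
        q.append((ts, phone))
        # Drop lookups that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # The signal is breadth of numbers queried, whatever the API answered:
        # a legitimate client looks up few numbers, a scraper looks up many.
        distinct = len({p for _, p in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged


if __name__ == "__main__":
    for client, peak in find_enumerators(build_sample_log()).items():
        print(f"{client}: {peak} distinct numbers within 60s")
```

Keying on the client IP alone is a simplification; a production rule would also aggregate by API key or account, since a scraper can spread requests across addresses.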