Skip to main content

Hackers breached 2FA accounts of some Authy users, Twilio confirms

Twilio, an online communications company, was the subject of a cyberattack earlier this month, but today the company has confirmed that the attack was bigger in scope than it initially announced. The announcement from early August said that 100 Twilio customers had their information accessed by outside sources as a result of Twilio employees being phished. Now the company has announced that 93 Authy app users have also had select information compromised.

What at Authy was breached

Authy is a two-factor authentication app owned by Twilio, so a breach can’t get much worse for consumers than having their security information compromised. Following an internal investigation, Twilio says that 93 accounts were accessed and had additional unauthorized devices added to them. The company confirmed that it had “identified and removed unauthorized devices” from all impacted accounts.

Authy logo against a black and white background.
Authy (logo)

The reason these devices were added was essentially to create devices capable of bypassing specific users’ two-factor authentication in order to gain even more information about their various other accounts that rely on Authy for security. Other than providing the number of accounts that were breached, Twilio didn’t give any specific details regarding what user information may have been accessed through Authy accounts.

The attack seems to be tied to the hacker group “Oktapus” which has laid claim to numerous company information breaches over the last six months, including a breach of DoorDash, which was reported earlier this week.

How to know if your Authy account is affected

Twilio says that it has already reached out to all 93 account owners to let them know that were affected by the breach and that their information is at risk. If you didn’t hear from the company, you’re likely a part of the roughly 75 million Authy users that got through the breach unaffected. It’s still not a bad idea to check your Authy account information to make sure that nothing suspicious is going on there.

In addition to changing any passwords associated with your Authy account, Twilio recommends looking in your account settings to “review all devices tied to (your) Authy account” in order to make sure that only authorized devices are connected. The company also advises users to disable the “Allow Multi-Device” setting in their account to restrict the devices linked to it.

Editors' Recommendations

Peter Hunt Szpytek
A podcast host and journalist, Peter covers mobile news with Digital Trends and gaming news, reviews, and guides for sites…
The best password managers for iPhone
Login screen on an iPhone held by a woman.

As password management becomes more challenging because of the tons of logins we have to keep track of, it may be time to move beyond the default Apple Keychain for passwords on your iPhone. You may want a tool that seamlessly syncs with your Windows computer or offers extensions for web browsers other than Safari.

For safe and solid options to maintain passwords and logins on iOS, this list provides you with the features, security measures, and prices for the best password managers on iPhone.

Read more
I have a mysterious problem with my iPhone 15 Pro Max
iPhone 15 Pro Max laying outside in a park.

There’s an issue with the iPhone I’d like Apple to fix, but I’m not quite sure what it will take to do so. I don't know if it’s a hardware or a software problem or even if I’ll always notice it if the issue has gone away.

It’s the battery life, but not necessarily the length of time the battery lasts on a charge. It’s more about battery life consistency, which is currently (and has been for some time) all over the place.
What’s the issue?

Read more
Is this our first look at the OnePlus Watch 3?
Someone wearing the OnePlus Watch 2.

The OnePlus Watch 2 Joe Maring / Digital Trends

OnePlus has a small portfolio of wearables, particularly smartwatches. Despite its bankable hardware, the OnePlus Watch 2 that launched earlier this year had some evident cutbacks. These include the lack of LTE connectivity, the half-baked crown button, and the absence of now-standard health features such as ECG and body weight composition. With its next watch, OnePlus appears to be addressing some of those issues, a recent certification listing in China has revealed.

Read more