Skip to main content

Hackers breached 2FA accounts of some Authy users, Twilio confirms

Twilio, an online communications company, was the subject of a cyberattack earlier this month, but today the company has confirmed that the attack was bigger in scope than it initially announced. The announcement from early August said that 100 Twilio customers had their information accessed by outside sources as a result of Twilio employees being phished. Now the company has announced that 93 Authy app users have also had select information compromised.

What at Authy was breached

Authy is a two-factor authentication app owned by Twilio, so a breach can’t get much worse for consumers than having their security information compromised. Following an internal investigation, Twilio says that 93 accounts were accessed and had additional unauthorized devices added to them. The company confirmed that it had “identified and removed unauthorized devices” from all impacted accounts.

Authy logo against a black and white background.
Authy (logo)

The reason these devices were added was essentially to create devices capable of bypassing specific users’ two-factor authentication in order to gain even more information about their various other accounts that rely on Authy for security. Other than providing the number of accounts that were breached, Twilio didn’t give any specific details regarding what user information may have been accessed through Authy accounts.

Recommended Videos

The attack seems to be tied to the hacker group “Oktapus” which has laid claim to numerous company information breaches over the last six months, including a breach of DoorDash, which was reported earlier this week.

How to know if your Authy account is affected

Twilio says that it has already reached out to all 93 account owners to let them know that were affected by the breach and that their information is at risk. If you didn’t hear from the company, you’re likely a part of the roughly 75 million Authy users that got through the breach unaffected. It’s still not a bad idea to check your Authy account information to make sure that nothing suspicious is going on there.

In addition to changing any passwords associated with your Authy account, Twilio recommends looking in your account settings to “review all devices tied to (your) Authy account” in order to make sure that only authorized devices are connected. The company also advises users to disable the “Allow Multi-Device” setting in their account to restrict the devices linked to it.

Peter Hunt Szpytek
A podcast host and journalist, Peter covers mobile news with Digital Trends and gaming news, reviews, and guides for sites…
This one iPadOS 26 feature has me excited for the iPhone Fold
Semi-open state of a foldable iPhone concept

Samsung is set to launch the seventh generation of its Galaxy Z Fold book-style folding phone this Summer, but its biggest rival is yet to show its folding phone hand. Apple has long been expected to unveil an iPhone Fold, and the latest rumors suggest that it will launch next year.

I’ve used almost every folding phone released globally, with some exceptions for extremely obscure ones. While I've always been curious what an iPhone Fold would look like, I was fairly certain that Apple shouldn't build it, as I wasn’t sure they could deliver on one necessary feature.

Read more
These are the 4 best alternatives to the Google Pixel 9a
A person taking the Google Pixel 9a out of a pocket.

The best cheap phone race has been reignited by the Google Pixel 9a, which brings the Google Pixel 9 series experience at a significantly lower price. Starting at $449, Google’s latest Pixel offers the flagship processor of its siblings for flagship-level performance, an excellent camera, and long-term software support.

Yet, Google’s software experience won’t be for everyone; there are obvious tradeoffs in the specs sheet to enable the low price; the camera bar design is somewhat polarizing for long-term fans, and there’s no telephoto camera. 

Read more
Apple and Samsung rivalling phones, earbuds and more due at huge July event
The OnePlus Summer Launch Event has five new products, including the Nord 5 and Pad 3 Lite
Five OnePlus products launching in July 2025

OnePlus has confirmed it will host a bumper launch event on July 8, where it will announce five new products, covering phones, headphones, wearables and tablets.

The range of new devices will join the OnePlus 13, OnePlus 13R and OnePlus Pad 3 which arrived earlier this year as the Chinese firm fills out its product offering to compete against Apple, Samsung and co.

Read more