Skip to main content

Hackers breached 2FA accounts of some Authy users, Twilio confirms

Twilio, an online communications company, was the subject of a cyberattack earlier this month, but today the company has confirmed that the attack was bigger in scope than it initially announced. The announcement from early August said that 100 Twilio customers had their information accessed by outside sources as a result of Twilio employees being phished. Now the company has announced that 93 Authy app users have also had select information compromised.

What at Authy was breached

Authy is a two-factor authentication app owned by Twilio, so a breach can’t get much worse for consumers than having their security information compromised. Following an internal investigation, Twilio says that 93 accounts were accessed and had additional unauthorized devices added to them. The company confirmed that it had “identified and removed unauthorized devices” from all impacted accounts.

Authy logo against a black and white background.
Authy (logo)

The reason these devices were added was essentially to create devices capable of bypassing specific users’ two-factor authentication in order to gain even more information about their various other accounts that rely on Authy for security. Other than providing the number of accounts that were breached, Twilio didn’t give any specific details regarding what user information may have been accessed through Authy accounts.

Recommended Videos

The attack seems to be tied to the hacker group “Oktapus” which has laid claim to numerous company information breaches over the last six months, including a breach of DoorDash, which was reported earlier this week.

Please enable Javascript to view this content

How to know if your Authy account is affected

Twilio says that it has already reached out to all 93 account owners to let them know that were affected by the breach and that their information is at risk. If you didn’t hear from the company, you’re likely a part of the roughly 75 million Authy users that got through the breach unaffected. It’s still not a bad idea to check your Authy account information to make sure that nothing suspicious is going on there.

In addition to changing any passwords associated with your Authy account, Twilio recommends looking in your account settings to “review all devices tied to (your) Authy account” in order to make sure that only authorized devices are connected. The company also advises users to disable the “Allow Multi-Device” setting in their account to restrict the devices linked to it.

Peter Hunt Szpytek
Former Digital Trends Contributor
A podcast host and journalist, Peter covers mobile news with Digital Trends and gaming news, reviews, and guides for sites…
Google quietly announced a huge change for the Pixel 6, Pixel 7, and Pixel Fold
The back of the Pixel 7 Pro and Pixel 6 Pro.

If you have a Google Pixel 6, Pixel 7, or original Pixel Fold, then we have some good news. Those devices will now last longer, as Google has extended update support for them by an additional two years, according to a change on its support page.

When the Pixel 6 launched, Google also announced that it would be extending software support for future devices from three years to five years. Previously, Google only gave its hardware three years of security and Android OS updates, but at that time, security updates were extended to five years. Android OS upgrades stayed at three.

Read more
6 excellent iPhone apps that I wish were available on Android
Four iPhone exclusive apps and associated widgets on an iPhone 16 Pro homescreen

For the past 15 years, the way we think about and use technology has been completely reshaped. What was once a hardware-first industry quickly became a software-first one, and this radical evolution of technology can be traced back to one pivotal moment. In 2009, Apple debuted the iPhone 3G and the first App Store. This launch ushered in a new era: the smartphone, complete with apps. It also debuted one of the best commercials, complete with a catchphrase that is sometimes still used today: There’s an app for that.

For many years, the iPhone had a plethora of apps that were not available on Android. While most of these are now available cross-platform, not every developer has embraced the billions of potential customers who don’t have an iPhone. Even now, some apps launch first on iOS and can take months or years to launch on Android.

Read more
Here’s another hands-on look at the Google Pixel 9a’s radical new design
A person holding the Google Pixel 8a.

The Google Pixel 9a is months away from launch, but many leaks have already revealed what the phone might look like. New real-life images of the Pixel 9a fortify earlier leaks, making us believe the purported design changes, including a more condensed camera module.

Prominent leaker OnLeaks shared a set of images on X allegedly showing a prototype unit of the Pixel 9a. The images show the front and the back of the Pixel 9a and align with the previous leaks of the phone, including hands-on images and digital renders.

Read more