
Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. On Tuesday, Twilio confirmed to TechCrunch that “threat actors” were able to identify the phone numbers of people who use Authy, a popular two-factor authentication app owned by Twilio.

In a post on a well-known hacking forum, the hacker or hackers known as ShinyHunters wrote that they hacked Twilio and obtained the mobile phone numbers of 33 million users.

Twilio spokesperson Kari Ramirez told TechCrunch that the company “has observed that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.”

“We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks,” Ramirez wrote in an email.

Twilio also published an alert on its official website on Monday, including the same statement.

While obtaining a list of phone numbers — on its own — may not seem to be the most dangerous of data breaches, it could still pose a threat to the owners of those numbers.

“If attackers are able to enumerate a list of user’s phone numbers, then those attackers can pretend to be Authy/Twilio to those users, increasing the credibility in a phishing attack to that phone number,” Rachel Tobac, an expert in social engineering and CEO of SocialProof Security, told TechCrunch.

Tobac explained that hackers can now specifically target people who they know are Authy users, giving the attackers a chance to make it look like their malicious messages really come from Authy and Twilio.

In 2022, Twilio suffered a larger data breach, when a group of hackers accessed the data of more than 100 company customers. The hackers then launched a wide-ranging phishing campaign which resulted in the theft of around 10,000 employee credentials from at least 130 companies. As part of that breach at the time, Twilio said hackers successfully targeted 93 individual Authy users and were able to register additional devices on those victims’ Authy accounts, allowing them to effectively steal real two-factor codes.

UPDATE, 12:52 p.m. ET: This story has been corrected to clarify that the 2022 Twilio breach is not directly connected to the phishing campaign that resulted in the theft of around 10,000 employee credentials of several companies. The two attacks were allegedly carried out by the same threat actors.