Authy Users Urged to Stay Alert After 33 Million Phone Numbers Exposed

Twilio has updated its Authy two-factor authentication (2FA) service after a hacker claimed to have retrieved 33 million phone numbers from its user database.

authy
TechCrunch reports that the hacker(s) known as ShinyHunters took to a well-known hacking forum to boast about the theft of 33 million cell phone numbers, achieved by what Twilio described as the use of an "authenticated endpoint."

The U.S. messaging giant confirmed this week that "threat actors" gained access to its servers, resulting in the theft of users' phone numbers, but it did not specify how many were accessed. The company said it had taken action to secure the exploit and prevent similar future unauthenticated requests.

"We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data," said the company in a blog post. "While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving."

As Twilio notes, obtaining a list of phone numbers may not appear in itself to pose a severe security threat. However, attackers could conceivably contact users and claim to be Authy or Twilio representatives in order to get them to reveal personal information as part of a phishing campaign.

Users should update to the latest version of the iOS app, available on the App Store. Twilio also advises users who cannot access their Authy account to contact its support team immediately.

At the beginning of the year, Authy announced that it was shutting down its Mac and Linux desktop apps in August 2024, but ended up bringing the date forward. The apps were subsequently killed off in March.

Popular Stories

iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...
Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Max Battery Capacity Leaked

Thursday July 3, 2025 5:40 am PDT by
The iPhone 17 Pro Max will feature the biggest ever battery in an iPhone, according to the Weibo leaker known as "Instant Digital." In a new post, the leaker listed the battery capacities of the iPhone 11 Pro Max through to the iPhone 16 Pro Max, and added that the iPhone 17 Pro Max will feature a battery capacity of 5,000mAh: iPhone 11 Pro Max: 3,969mAh iPhone 12 Pro Max: 3,687mAh...
airpods pro 2

AirPods Pro 3 to Help Maintain Apple's Place in Earbud Market Amid Increasing Low-Cost Competition

Thursday July 3, 2025 7:25 am PDT by
Apple's position as the dominant force in the global true wireless stereo (TWS) earbud market is expected to continue through 2025, according to Counterpoint Research. The forecast outlines a 3% year-over-year increase in global TWS unit shipments for 2025, signaling a transition from rapid growth to a more mature phase for the category. While Apple is set to remain the leading brand by...
iphone 16 pro models 1

Here's How the iPhone 17 Pro Max Will Compare to the iPhone 17 Pro

Saturday July 5, 2025 1:00 pm PDT by
Apple should unveil the iPhone 17 series in September, and there might be one bigger difference between the Pro and Pro Max models this year. As always, the Pro Max model will be larger than the Pro model:iPhone 17 Pro: 6.3-inch display iPhone 17 Pro Max: 6.9-inch displayGiven the Pro Max is physically larger than the Pro, it has more internal space, allowing for a larger battery and...
apple silicon mac lineup 2024 feature purple m5

Apple's Upcoming Macs Listed in New Report

Thursday July 3, 2025 9:09 am PDT by
AppleInsider's Marko Zivkovic today shared a list of alleged identifiers for future Mac models, which should roll out over the next year or so. The report does not reveal anything too surprising, but it does serve as further evidence that Apple is seemingly working on new models of every Mac, including the MacBook Air, MacBook Pro, iMac, Mac mini, Mac Studio, and Mac Pro. Apple is...

Top Rated Comments

jasonsmith_88 Avatar
13 months ago
Been using Authy for years but I’ve always been suss on the requirement for a phone number, especially as Twilio’s entire business model is SMS.

You should not have to, nor expect to, disclose your phone number in order to use a TOTP generator. My data has already been leaked so many times, so I migrated to 2FAS about a month ago in anticipation of an event like this. Sadly my data was leaked because Authy takes 30 days to delete an account ?

Do not use Authy.
Score: 14 Votes (Like | Disagree)
antiprotest Avatar
13 months ago

Never even heard of Twilio, should we be concerned? :rolleyes:
Many of the services you have heard of use Twilio. It offers APIs and such. So it's not a name customers will always directly face, but it's there. In this case, Twilio owns Authy.
Score: 10 Votes (Like | Disagree)
JosephAW Avatar
13 months ago
Never even heard of Twilio, should we be concerned? :rolleyes:
Score: 7 Votes (Like | Disagree)
chucker23n1 Avatar
13 months ago

Many of the services you have heard of use Twilio.
Yep.

For example, lots of companies use Twilio SendGrid for transactional mails (password change confirmations, etc.) or marketing mails (newsletters, etc.). Or they use Twilio itself to send text messages.
Score: 6 Votes (Like | Disagree)
WarmWinterHat Avatar
13 months ago

Bummer. I liked Twilio's Authy, in part because it synced well between macOS and iOS. But now iCloud Keychain can do this as well, so I might as well migrate to that.

I also still use Twilio's SendGrid.
I don't use Authy anymore, but I've always kept my 2FA codes separate from my passwords app. If one got compromised, at least the 2FA sites would still be secure.
Score: 6 Votes (Like | Disagree)
Jackbequickly Avatar
13 months ago
Things like this happen all the time. Most of the time we never are even informed, even when they get way more than our phone numbers. It is near unavoidable in today's world.
Score: 5 Votes (Like | Disagree)