Authy Users Urged to Stay Alert After 33 Million Phone Numbers Exposed
Twilio has updated its Authy two-factor authentication (2FA) service after a hacker claimed to have retrieved 33 million phone numbers from its user database.
TechCrunch reports that the hacker(s) known as ShinyHunters took to a well-known hacking forum to boast about the theft of 33 million cell phone numbers, achieved by what Twilio described as the use of an "authenticated endpoint."
The U.S. messaging giant confirmed this week that "threat actors" gained access to its servers, resulting in the theft of users' phone numbers, but it did not specify how many were accessed. The company said it had taken action to secure the exploit and prevent similar future unauthenticated requests.
"We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data," said the company in a blog post. "While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving."
As Twilio notes, obtaining a list of phone numbers may not appear in itself to pose a severe security threat. However, attackers could conceivably contact users and claim to be Authy or Twilio representatives in order to get them to reveal personal information as part of a phishing campaign.
Users should update to the latest version of the iOS app, available on the App Store. Twilio also advises users who cannot access their Authy account to contact its support team immediately.
At the beginning of the year, Authy announced that it was shutting down its Mac and Linux desktop apps in August 2024, but ended up bringing the date forward. The apps were subsequently killed off in March.
Popular Stories
Apple today announced a "special Apple Experience" in New York, London, and Shanghai, taking place on March 4, 2026 at 9:00am ET.
Apple invited select members of the media to the event in three major cities around the world. It is simply described as a "special Apple Experience," and there is no further information about what it may entail. The invitation features a 3D Apple logo design...
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai.
At an Apple Experience, attendees are typically given the opportunity to try out Apple's latest hardware or software. Following the launch of Apple Creator Studio last month, for example, some content creators attended an Apple Experience...
Apple's upcoming iPhone 18 Pro and iPhone 18 Pro Max models "won't be a big update," according to Bloomberg's Mark Gurman.
In the latest edition of his "Power On" newsletter, Gurman said that the iPhone 18 Pro models will "represent minor tweaks from last year's iPhone 17 Pro and 17 Pro Max." He compared the upgrade to Apple's past practice of appending the letter "S" to its more minor...
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai. And now, rumors are surfacing about Apple's broader plans for that week.
Daring Fireball's John Gruber today guessed that Apple will announce new products on a day-by-day basis from Monday, March 2 through Wednesday, March 4:What strikes...
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, such as Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, and Volvo, and Toyota is now rolling out support as well.
According to a Reddit post, select trims of the 2026 Toyota RAV4 ...
