In recent news, messaging giant Twilio has confirmed that hackers also compromised the accounts of some Authy users as part of the wider Twilio breach. Authy is Twilio’s two-factor authentication (2FA) app, which it acquired in 2015. The breach, which keeps growing in scale, saw malicious actors access the data of more than 100 customers after successfully phishing multiple employees.
The Twilio Breach is Part of a Wider Phishing Campaign
Researchers this week linked the Twilio breach and others to a wider phishing campaign by a hacking group dubbed “0ktapus,” which has stolen close to 10,000 employee credentials from at least 130 organizations since March. Now, Twilio has confirmed that Authy users were also impacted by the Twilio breach.
In an update to its incident report on August 24, Twilio said that the hackers gained access to the accounts of 93 individual Authy users and registered additional devices, effectively allowing the attackers to generate login codes for any connected 2FA-enabled account. The company said it has “since identified and removed unauthorized devices from these Authy accounts” and is advising affected Authy users, whom it has contacted, to review linked accounts for suspicious activity.
Hackers Are Finding New Ways to Overcome Two-Factor Authentication
While using any two-factor authentication is better than none, hackers are increasingly devising new ways to trick users into handing over app-based codes, which are generally far more difficult to obtain than codes sent by text message.
Twilio also said in the update that the number of compromised Twilio customers has increased from 125 to 163, with hackers accessing data at these organizations for a “limited period of time.” The company has not named its impacted customers, but some have notified their own users that they were affected by the breach.