Some Authy 2FA accounts were compromised in Twilio data breach

Hackers used the access to link additional devices to the accounts.


Secure messaging app Signal isn’t the only platform dealing with the aftermath of the recent Twilio data breach. In an August 24th update spotted by TechCrunch, Twilio disclosed that hackers gained access to 93 individual Authy accounts. Authy is one of the more popular two-factor authentication apps on the market. It was acquired by Twilio in 2015 and has approximately 75 million users.

According to Twilio, hackers took advantage of the access they gained to register additional devices to the 93 accounts affected by the breach, meaning they had the opportunity to use the software to generate login codes. The company has “since identified and removed unauthorized devices” from the 93 accounts. Twilio says affected users should review their linked logins and look for signs of suspicious activity. It also recommends that those individuals double-check their linked device list and disable the app’s “Allow Multi-device” option.

On Wednesday, Twilio also shared that it now believes 163 of its customers had their data accessed for a “limited period of time” due to the hack. The company previously put that number at 125. While the scale of the Authy component is small, it represents a worst-case scenario for those individuals. Adding two-factor authentication to your accounts is one of the best ways to protect yourself online; having a hacker compromise that system, even if only momentarily, is scary.