Authy 2FA app leaks phone numbers that could be used for SMS phishing
According to a July 1 security alert post by app developer Twilio, hackers gained access to the Authy Android app database, enabling them to identify data associated with accounts, including phone numbers.
The post notes that the accounts themselves were not compromised, meaning the attackers were unable to obtain authentication credentials. However, the leaked phone numbers could be used in future phishing and SMS phishing attacks.
Twilio therefore encourages Authy users to remain vigilant and to be especially alert to the text messages they receive. Users of centralized trading platforms often rely on Authy for two-factor authentication (2FA). It generates a code on the user's device that the trading platform may ask for before performing withdrawals, transfers or other sensitive tasks.
Authy is sometimes compared to Google's Authenticator app, which has similar features.