Authy 2FA app leaks phone numbers that could be used for SMS phishing

Odaily News According to a security alert post published by app developer Twilio on July 1, hackers gained access to the Authy Android app database and "were able to identify data associated with accounts, including phone numbers." The post noted that the accounts themselves "were not compromised," meaning the attackers were unable to obtain authentication credentials. However, the leaked phone numbers could be used in "phishing and SMS phishing attacks" in the future. As a result, Twilio called on Authy users to "remain vigilant and be highly alert to incoming text messages." Users of centralized exchanges often rely on Authy for two-factor authentication (2FA). It generates a code on the user's device, which the trading platform may ask for before performing withdrawals, transfers, or other sensitive tasks. Exchanges Gemini and Crypto.com both use Authy as their default 2FA app, and Coinbase, Binance, and many other exchanges allow it as an option. (Cointelegraph)