A vulnerability in Twilio Authy Authenticator led to a massive leak of 33 million phone numbers
A serious vulnerability was recently discovered in the API of the popular two-factor authentication application Authy, resulting in the leak of users' personal data.
Here's What We Know
Hackers were able to access information about the phone numbers associated with Authy accounts using an insecure API endpoint. As a result, a database of around 33 million phone numbers was published online.
Twilio, the owner of Authy, confirmed the leak and closed the vulnerable API. While passwords and direct access to Authy accounts have not been compromised, phone numbers are personal information and can be used to create a security threat when combined with other data.
Users are advised to update the Authy app on their devices, although this is more of a precautionary measure than a specific solution to this attack.
Source: BleepingComputer