Data Breach Exposes Phone Numbers of 33 Million Authy Users

Twilio has announced a data breach affecting its Authy two-factor authentication (2FA) app. The breach, caused by a vulnerability in Twilio’s API, allowed hackers to access and sell the phone numbers of 33 million Authy users.

Authy is a popular app that generates 2FA codes for websites and apps that support this feature. The leaked data includes user IDs, phone numbers, account statuses, and the number of registered devices.

Twilio has released a security update for the Authy app to patch the vulnerability. Users are advised to update to the latest version of Authy for Android (25.1.0) and iOS (26.1.0). Twilio also warns that the breach could put users at risk of phishing attacks via SMS.

This is not the first data breach to affect Twilio. In 2022, the company suffered breaches in June and August that also exposed the information of Authy customers.

Data Breach Exposes Phone Numbers of 33 Million Authy Users

Data Breach Exposes Phone Numbers of 33 Million Authy Users

Apple Issues Critical Updates for iOS and iPadOS

Google Warns That Ad Blocker Extensions May Soon Be Disabled

Serious Security Vulnerabilities Discovered in Xiaomi Phones