It is becoming more common to add extra security to the platforms and applications that we access with a password using the method known as 2FA. Thus, by adding a two-factor authentication system, it is much more difficult for attackers to hack our online accounts.
To manage these protection methods, we often use specially designed applications, for which we refer to authentication apps. These are the ones in charge of providing us with the necessary codes to be able to use the aforementioned 2FA method. The problem comes when the personal data we store here is also in danger, as is the case at hand.
Specifically, we are referring to a leak of millions of data that has occurred in one of the most widely used applications of this type in the world, Authy. As it has now become known, attackers have obtained the personal data of millions of Authy users. Here we are referring to the 2FA authentication application owned by the company called Twilio.
To give you a better idea of ​​the leak that has occurred, malicious actors have identified the phone numbers of the users of the aforementioned application. It was last week when a well-known hacker claimed to have stolen 33 million phone numbers from the company we are talking about. And now it has been confirmed that the attackers obtained this data from the users of the authentication app, Authy, including their phone numbers.
First of all, we must keep in mind that these authentication applications use our phone as an identifier to protect the passwords that we add here. From there, they are responsible for providing us with the security codes when we need them when accessing the different platforms.
How to fix Authy data leak
It has therefore been confirmed that, as stated by a spokesperson for the company itself, hackers obtained the data from the aforementioned application. He also stated that at the moment there is no evidence that malicious actors accessed its systems or other sensitive data. Nevertheless, and based on the sensitive information handled by Authy, this attack and leak became a serious problem.
The company has therefore taken immediate action and has now confirmed that it has already protected the vulnerable point of the application. Basically, this means that we should update the authentication app as soon as possible to correct this vulnerability. This is something that applies to both users of Google’s Android system and Apple’s iOS.
At the same time, they add that over the next few weeks we should be on the lookout for possible phishing and smishing attacks that could reach our mobile devices. Therefore, even if the data leak was suspicious and dangerous, we have the most effective solution at hand. In fact, it is possible that the authentication application has already been automatically updated on your mobile device.
