According to a security alert issued by Twilio on July 1, hackers accessed the Authy Android app database and retrieved data associated with accounts, including phone numbers. Twilio clarified that the accounts themselves were not compromised, indicating that authentication credentials were not obtained by the attackers. However, the exposed phone numbers could potentially be used for future phishing and smishing attacks. Twilio advised Authy users to remain vigilant and be cautious about the texts they receive, emphasizing heightened awareness to mitigate risks.
Centralized exchange users commonly use Authy for two-factor authentication (2FA). Authy generates a code on the user’s device, which exchanges like Gemini and Crypto.com require for actions such as withdrawals, transfers, or other sensitive operations. Authy is the default 2FA app for both Gemini and Crypto.com, while exchanges like Coinbase, Binance, and others also offer it as an optional choice for users.
