The hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio.
The Twilio breach compromised user data of Authy, a popular two-factor authentication app owned by Twilio. The hackers obtained mobile phone numbers associated with 33 million Authy accounts due to an unauthenticated endpoint. Although Twilio stated that there was no evidence of access to Twilio's systems or sensitive data, the breach increases the risk of phishing and smishing attacks targeting Authy users.
Hackers accessed the phone numbers of 93 individual Authy users and registered additional devices to their accounts. This allowed them to generate login codes for any connected 2FA-enabled account. Twilio has since removed unauthorized devices from the affected accounts and advised users to review linked accounts for suspicious activity.