This is Authy's second breach in two years

Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
    • Lem453@lemmy.caEnglish
      0·
      4 months ago

      Don’t use cloud based 2fa and you won’t need to wonder about this.

      Aegis is one of several opensource 2fa apps you can use instead.

    • limerod@reddthat.comOPMEnglish
      0·
      4 months ago

      Good question. You would need to start by changing all your account passwords. Next export your 2 factor auth codes. Import your auth codes in a good open source auth app. Then, one by one set new auth codes for your accounts.

      This should be sufficient to protect your online accounts.

      • Dymonika@beehaw.orgEnglish
        1·
        4 months ago

        Are your bullet points AI-gen, though? The way the third bullet talked about 2FA basically kept no context of the article

        • limerod@reddthat.comOPMEnglish
          1·
          4 months ago

          They are not my bullet points. It’s from the android police article. It’s possible the author used a LLM software to generate a summary for the article.

  • Substance_P@lemmy.worldEnglish
    1·
    4 months ago

    Wouldn’t it be great if independent auditors were standard, responsible for holding companies accountable for their data security practices, coupled with a rating system akin to those used in the banking sector? Before paying for a service, consumers would be aware of how secure the service is. Say A++ or AAA.

    It would be a pain in Silicon Valley’s ass for sure, but it would go a long way toward giving consumers peace of mind and bringing about a whole new industry in the process.

  • evo@sh.itjust.worksEnglish
    01·
    4 months ago

    The real important reminder here is that you should never use SMS as your 2FA delivery method. Phone numbers aren’t private and once associated with an account it’s far too easy to spoof/sim swap and intercept the code.