Some Authy 2FA accounts were compromised in Twilio data breach

A white padlock on a dark digital background.
(Image credit:

2FA firm Authy is the latest company revealed to have been impacted by the Twilio data breach. 

A company update spotted by TechCrunch outlined how the app, which is owned by Twilio, had seen details of 93 user accounts exposed.

Twilio, which provides customizable tools to build communications platforms, acquired Authy in 2005. The app has around 75 million users worldwide, making it one of the most popular two-factor authentication services around.

Authy attack

In its report on the incident, Twilio says the hackers were able to use the extra access gained from the initial attack to register additional devices to the 93 affected accounts.

The company says it has now identified and removed the "unauthorized devices” from these accounts, but that users should review their linked logins and look for signs of suspicious activity, as well as disabling the app’s “Allow Multi-device” option.

"Twilio believes that the security of our customers’ data is of paramount importance, and when an incident occurs that might threaten that security, we communicate what happened in a transparent manner," the company wrote. "To that end, we are providing an overview of this incident impacting customer information and our response."

The news comes after security-focused messenger app Signal had the details of over 1,900 users compromised as a result of its exposure to Twilio. 

Okta has also revealed that 38 Okta-related phone numbers were compromised via Twilio’s administrative portals, according to a data breach report by the company.

Group IB has said that 10,000 accounts at more than 130 organizations were impacted by the phishing campaign, including marketing companies Mailchimp and Klaviyo.

Russian-founded cybersecurity firm Group-IB Threat Intelligence attributed the Twilio data breach to a criminal group dubbed "0ktapus".

The group allegedly used 169 unique domains as part of a large-scale phishing campaign that has been operational since March 2022. 

According to the firm's research 0ktapus mainly targeted US-based companies, providing IT, software development, and cloud services, with the aim of getting the credentials needed to access private data, corporate emails, and internal documents.

Group IB's research said it was not yet clear if the attacks by 0ktapus were planned "end-to-end in advance or whether opportunistic actions were taken at each stage".

  • Need an extra layer of security? Check out the best antvirus software

Via TechCrunch

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.