Twilio Confirms Data Breach Exposing 33 Million Authy User Phone Numbers

Hackers exploited an unsecured API endpoint, potentially enabling phishing and SIM swapping attacks.

Twilio detected the breach through an unauthenticated API endpoint, which has since been secured.
The stolen data includes phone numbers but no other sensitive information from Twilio's systems.
Users are advised to update their Authy apps on Android and iOS for the latest security patches.
Authy users should be vigilant against potential phishing and smishing attacks.
Previous breaches in 2022 also targeted Twilio, compromising employee credentials and Authy accounts.