Summary
- Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
- An unsecured API endpoint allowed threat actors to collect linked numbers.
- If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
- apotheotic (she/her) ( @apotheotic@beehaw.org ) English19•2 months ago
consider securing your accounts with 2FA
But authy is the 2FA - what should their users be doing?
- Lem453 ( @Lem453@lemmy.ca ) English4•2 months ago
Not using cloud based 2fa which is dumb to begin with
- apotheotic (she/her) ( @apotheotic@beehaw.org ) English3•2 months ago
Okay but they’re already using it so its a bit late for that.
- Altima NEO ( @altima_neo@lemmy.zip ) English7•2 months ago
Lol so what do you do when the 2fa app you use to protect your accounts is breached?
- Lem453 ( @Lem453@lemmy.ca ) English6•2 months ago
Don’t use cloud based 2fa and you won’t need to wonder about this.
Aegis is one of several opensource 2fa apps you can use instead.
Good question. You would need to start by changing all your account passwords. Next export your 2 factor auth codes. Import your auth codes in a good open source auth app. Then, one by one set new auth codes for your accounts.
This should be sufficient to protect your online accounts.
- Dymonika ( @Dymonika@beehaw.org ) English1•2 months ago
Are your bullet points AI-gen, though? The way the third bullet talked about 2FA basically kept no context of the article
They are not my bullet points. It’s from the android police article. It’s possible the author used a LLM software to generate a summary for the article.
- umbrella ( @umbrella@lemmy.ml ) English3•2 months ago
this is why i hate 2fa.
just another attack vector.
- Bezier ( @Bezier@suppo.fi ) English4•2 months ago
That’s like saying that the second key of a 2-key nuke launch console is an extra attack vector.
The breach was because of an unsecured API endpoint. No actual auth codes were leaked. without 2FA the attacker would just need your password and email to get account access.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English1•2 months ago
Don’t throw the baby out with the bath water
- Toes♀ ( @Toes@ani.social ) English2•2 months ago
Twilio has a really cool API that lets you resolve phone numbers to what carrier and if it’s been ported.
Shame to see they got pwned.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English1•2 months ago
Whoops my bad