Twilio breach let hackers gain access to Authy 2FA accounts

Twilio’s investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.

Authy is a two-factor authentication (2FA) service from Twilio that allows users to secure their online accounts where the feature is supported by identifying a second time via a dedicated app after typing in the login credentials.

When logging into an account with 2FA enabled, Authy will provide an additional one-time passcode required to login. This protects the account from being accessed even if the login credentials are compromised.

Read more…
Source: Bleeping Computer