The Target: U.S. messaging giant Twilio.
The Take: Data associated with Authy accounts, including 33 million phone numbers.
The Vector: Twilio detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.