Authy got hacked, and 33 million user phone numbers were stolen - eviltoast
  • ___@lemm.ee
    link
    fedilink
    English
    arrow-up
    12
    ·
    6 months ago

    Friendly reminder to change your master password. You’re one SIM jack away from having your life locked away for ransom. They didn’t breach the seeds, but next time who knows. I would start migrating and changing 2FA codes just in case. You never know who might be spraying.

    • COASTER1921@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      The problem is so many services requiring SMS to be that second factor. From what I’ve heard it’s easy enough to steal a sim that if you’re being explicitly targeted it’s basically the same as no second factor. Yet even if using an authenticator app most services require you to still have SMS/phone as another option for the 2FA.

      For Authy specifically they’d need to guess your master password and then hijack your phone number, and for users of Authy I suspect their passwords are not easily guessed as it’s already a step above the standard SMS only 2FA most services require.