Summary
- Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
- An unsecured API endpoint allowed threat actors to collect linked numbers.
- If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
The real important reminder here is that you should never use SMS as your 2FA delivery method. Phone numbers aren’t private and once associated with an account it’s far too easy to spoof/sim swap and intercept the code.
Someone needs to convince US Banks of this
That shit drives me nuts. Wanna be trusted with my life savings, but they can’t be bothered to implement modern security features until they’re already being phased out. I don’t know what will replace modern 2FA schemes, but I guarantee banks will adopt the current ones about three years after the replacements become standard.
Also, they’re charging you a poor tax for not having enough money, whether that’s a minimum balance or just accidentally spending a nickel more than you had on hand.