Responding to the Twilio Authy Hack
Disaster Recovery Plans for Multi Factor Authentication Apps
In early July 2024, Twilio disclosed that attackers took advantage of an unauthenticated endpoint in Authy's API to enumerate data associated with Authy accounts, including phone numbers.
Following the compromise of Twilio's Authy multi-factor authentication (MFA) application, available for iOS and Android, we've investigated a less explored aspect of MFA.
Everyone recommends it, but what should you do if MFA fails?
We've put together an action plan, better known in security terms as a Disaster Recovery (DR) plan, covering the key actions to take. It can be used with any MFA application.
Check the news and the software's website to find out if you are affected.
Install the latest version of the app and keep monitoring for new releases, as security teams usually release updates as soon as they've identified the cause of the breach.
In the case of Authy, only mobile numbers were exposed, which reduces the immediate risk.
Make sure you don't use SMS for any authentication purposes, as it is a weaker form of MFA and can be a main target following this breach.
Heighten awareness within your team of phishing attacks, especially those leveraging phone numbers.
Monitor Twilio's website for further security updates regarding this incident.
Bonus step: learn from the incident and improve.
Migrate your MFA provider to a service that doesn't require mobile numbers, to reduce your digital footprint and attack surface.
Feel free to copy this article and make it your own disaster recovery plan.
If you are looking for a custom DR plan, contact us at contact@rivanorth.com
As a leading cybersecurity company, we are at the forefront of security research, constantly monitoring for emerging threats. With best-in-class security expertise, we are able to help you secure your assets to the highest levels.
Visit rivanorth.com to find out more.
You build the future. We help you secure it.