Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
  • Altima NEO
    15
    6 months ago

    Lol, so what do you do when the 2FA app you use to protect your accounts is breached?

    • @[email protected]
      8
      6 months ago

      Don’t use cloud-based 2FA and you won’t need to wonder about this.

      Aegis is one of several open-source 2FA apps you can use instead.

      • Dog
        2
        6 months ago

        Ok, but what happens if your phone gets stolen?

        • @[email protected]
          3
          6 months ago

          The same as for anything else if your phone gets stolen. You restore from backups.

          Aegis allows you to make a backup that you can keep yourself on your computer, your own cloud storage, etc.

          Every OS has some kind of built-in vault/encryption feature. Put the file in there. It only needs to be updated when you add another 2FA account (so very infrequently).

    • @[email protected]OPM
      2
      6 months ago

      Good question. You would need to start by changing all your account passwords. Next, export your two-factor auth codes. Import your auth codes into a good open-source auth app. Then, one by one, set new auth codes for your accounts.

      This should be sufficient to protect your online accounts.