Summary
- Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
- An unsecured API endpoint allowed threat actors to collect the phone numbers linked to Authy accounts.
- If you think your phone number might be among the 33 million leaked, consider securing your accounts with 2FA and be wary of SMS phishing (smishing) attacks.
Wouldn’t it be great if independent auditors were standard, responsible for holding companies accountable for their data security practices, coupled with a rating system akin to those used in the banking sector? Before paying for a service, consumers would be aware of how secure the service is. Say A++ or AAA.
It would be a pain in Silicon Valley’s ass for sure, but it would go a long way toward giving consumers peace of mind and bringing about a whole new industry in the process.
No. No, that really would not be great.
This is already a thing but I believe it’s mostly only used by government institutions.
Google ISO27001, NIST CSF, FEDRAMP, PCI-DSS, SOC2, HIPAA
Rating schemes inevitably become subject to gaming and P2W.
Service providers need to be honest about their stack and its implementation, and people need to git gud.