Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
  • @Substance_P
    link
    English
    105 months ago

    Wouldn’t it be great if independent auditors were standard, responsible for holding companies accountable for their data security practices, coupled with a rating system akin to those used in the banking sector? Before paying for a service, consumers would be aware of how secure the service is. Say A++ or AAA.

    It would be a pain in Silicon Valley’s ass for sure, but it would go a long way toward giving consumers peace of mind and bringing about a whole new industry in the process.

    • Carighan Maconar
      link
      English
      25 months ago

      coupled with a rating system akin to those used in the banking sector

      No. No, that really would not be great.

    • ddonuts4
      link
      English
      25 months ago

      This is already a thing but I believe it’s mostly only used by government institutions.

      Google ISO27001, NIST CSF, FEDRAMP, PCI-DSS, SOC2, HIPAA

    • @[email protected]
      link
      fedilink
      English
      14 months ago

      Rating schemes inevitably become subject to gaming and P2W.

      Service providers need to be honest about their stack and its implementation, and people need to git gud.