115

Authy Users' Phone Numbers Compromised via Twilio API Vulnerability(www.bleepingcomputer.com)

posted
by
Avatar
Kid@sh.itjust.worksM
in
Avatar
cybersecurity@sh.itjust.works
24 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
schizo@forum.uncomfortable.business
28 points

What confuses me is even a half-competent audit and pentest would absolutely have found an api endpoint that’s going to absolutely leak customer data, so the assumption I have to make is that, yet again, a “security” company can’t be fucked to do the bare minimum to ensure their security shit is you know, secure.

permalink
report
reply
Avatar
LordKitsuna@lemmy.world
8 points

Posting this against your comment for visibility, I would recommend anyone that was using authy switch to bitwarden’s dedicated 2F authentication app. The company maintains several security compliance certificates and fairly regularly gets audited which they post publicly at https://bitwarden.com/help/is-bitwarden-audited/

permalink
report
parent
reply
Avatar
schizo@forum.uncomfortable.business
3 points

Oh neat. I use their password manager but totally somehow missed them releasing a separate 2fa app.

permalink
report
parent
reply

Cybersecurity

!cybersecurity@sh.itjust.works

Create post

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

  • Be respectful. Everyone should feel welcome here.
  • No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
  • No Ads / Spamming.
  • No pornography.

Community Rules

  • Idk, keep it semi-professional?
  • Nothing illegal. We’re all ethical here.
  • Rules will be added/redefined as necessary.

If you ask someone to hack your “friends” socials you’re just going to get banned so don’t do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

Community stats

  • 1.7K

    Monthly active users

  • 427

    Posts

  • 892

    Comments

Community moderators