Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
  • Lem453
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    5 months ago

    Don’t use cloud based 2fa and you won’t need to wonder about this.

    Aegis is one of several opensource 2fa apps you can use instead.

      • Lem453
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        The same as for anything else if your phone gets stolen. You restore from backups.

        Aegis allows you to make a backup that you can keep yourself on your computer, your own cloud storage etc.

        Every OS has some kind of built in vault/encryption feature. Put the file in there. It only needs to be updated when you add another 2fa account (so very infrequently)