Authy, one of the most trusted 2FA apps, suffered a data breach that exposed Authy users' information.
The hackers used the user information to create extra login devices in order to add all the multi-factor verification codes for the target account.
Twilio investigated the attack and contacted the affected users with instructions on how to protect their accounts:
- Check any connected account for suspicious activity, and if anything looks off, contact the account provider.
- Examine all the devices connected to the Authy account, and remove any that are not recognized.
- Add a backup device and turn "Allow Multi-device" off in the Authy application to avoid the addition of unauthorized devices.
Source: https://securityonline.info/well-known-multi-factor-authenticator-authy-hacked/
TPRM report: https://scoringcyber.rankiteo.com/company/authy
"id": "aut01931822",
"linkid": "authy",
"type": "Breach",
"date": "08/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'Authy',
'type': 'Service'}],
'attack_vector': 'Unauthorized Device Addition',
'customer_advisories': ['Contacted affected users with instructions to '
'protect their accounts'],
'data_breach': {'type_of_data_compromised': 'User Information'},
'description': 'Authy suffered from a data breach incident that exposed Authy '
"users' information. Hackers created extra login devices using "
'user information to add all the multi-factor verification '
'codes for the target account.',
'impact': {'data_compromised': 'User Information',
'systems_affected': 'Authy Accounts'},
'initial_access_broker': {'entry_point': 'Unauthorized Device Addition'},
'motivation': 'Unauthorized Access to User Accounts',
'post_incident_analysis': {'corrective_actions': ['Instructed users to check '
'connected accounts for '
'suspicious activity',
'Instructed users to '
'examine and remove '
'unrecognized devices',
'Advised customers to add a '
'backup device and turn off '
"'Allow Multi-device'"],
'root_causes': 'Exposure of user information'},
'recommendations': ['Check connected accounts for suspicious activity',
'Examine and remove unrecognized devices',
"Add a backup device and turn off 'Allow Multi-device'"],
'response': {'communication_strategy': 'Contacted affected users with '
'instructions to protect their '
'accounts',
'containment_measures': ['Instructed users to check connected '
'accounts for suspicious activity',
'Instructed users to examine and remove '
'unrecognized devices',
'Advised customers to add a backup '
"device and turn off 'Allow "
"Multi-device'"]},
'threat_actor': 'Unknown Hackers',
'title': 'Authy Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'User Information Exposure'}