this post was submitted on 06 Jul 2024
76 points (100.0% liked)

Android

407 readers
8 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id

πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 1 year ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
mikestevens@lemdro.id
limerod@reddthat.com
Netrunner@lemdro.id
76
Twilio breach leaks over 30 million Authy-linked phone numbers (www.androidpolice.com)
submitted 4 months ago by limerod@reddthat.com to c/android@lemdro.id
15 comments fedilink hide all child comments
 

Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
top 15 comments
sorted by: hot top controversial new old
[–] apotheotic 19 points 4 months ago (3 children)

consider securing your accounts with 2FA

But authy is the 2FA - what should their users be doing?

[–] Lem453@lemmy.ca 4 points 4 months ago (1 children)

Not using cloud based 2fa which is dumb to begin with

[–] apotheotic 3 points 4 months ago* (last edited 4 months ago)

Okay but they're already using it so its a bit late for that.

load more comments (2 replies)
[–] altima_neo@lemmy.zip 7 points 4 months ago (3 children)

Lol so what do you do when the 2fa app you use to protect your accounts is breached?

[–] Lem453@lemmy.ca 6 points 4 months ago* (last edited 4 months ago)

Don't use cloud based 2fa and you won't need to wonder about this.

Aegis is one of several opensource 2fa apps you can use instead.

[–] limerod@reddthat.com 1 points 4 months ago (1 children)

Good question. You would need to start by changing all your account passwords. Next export your 2 factor auth codes. Import your auth codes in a good open source auth app. Then, one by one set new auth codes for your accounts.

This should be sufficient to protect your online accounts.

[–] Dymonika 1 points 4 months ago (1 children)

Are your bullet points AI-gen, though? The way the third bullet talked about 2FA basically kept no context of the article

[–] limerod@reddthat.com 1 points 4 months ago

They are not my bullet points. It's from the android police article. It's possible the author used a LLM software to generate a summary for the article.

load more comments (1 replies)
[–] umbrella@lemmy.ml 3 points 4 months ago (3 children)

this is why i hate 2fa.

just another attack vector.

[–] Bezier@suppo.fi 4 points 4 months ago

That's like saying that the second key of a 2-key nuke launch console is an extra attack vector.

[–] limerod@reddthat.com 2 points 4 months ago

The breach was because of an unsecured API endpoint. No actual auth codes were leaked. without 2FA the attacker would just need your password and email to get account access.

[–] possiblylinux127@lemmy.zip 2 points 4 months ago

Don't throw the baby out with the bath water

[–] Toes@ani.social 2 points 4 months ago

Twilio has a really cool API that lets you resolve phone numbers to what carrier and if it's been ported.

Shame to see they got pwned.

[–] possiblylinux127@lemmy.zip 1 points 4 months ago* (last edited 4 months ago)

Whoops my bad