authy2fa.com
2606:4700:3033::ac43:afce
Public Scan
Submitted URL: http://authy2fa.com/
Effective URL: https://authy2fa.com/
Submission: On April 27 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
GET https://www..com/cse
<form action="https://www..com/cse" id="searchform" method="get"><input autocomplete="off" id="s" name="q" placeholder="Search Here..." type="text" value="">
<input name="cx" type="hidden" value="partner-pub-7983783048239650:3179771210">
</form>
Name: f1 — POST https://inl02.netline.com/rssnews0001/
<form action="https://inl02.netline.com/rssnews0001/" class="clear cf" id="subform" method="post" name="f1" target="_blank">
<div class="email-box-h3"><ya-tr-span data-index="116-0" data-translated="false" data-source-lang="en" data-target-lang="ru" data-value="Join 100,000+ Professionals" data-translation="Присоединяйтесь к более чем 100 000 профессионалам" data-ch="0"
data-type="trSpan">Join 100,000+ Professionals</ya-tr-span></div>
<p><ya-tr-span data-index="117-0" data-translated="false" data-source-lang="en" data-target-lang="ru" data-value="Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips."
data-translation="Зарегистрируйтесь бесплатно и начните получать ежедневную дозу новостей, идей и советов по кибербезопасности." data-ch="0" data-type="trSpan">Sign up for free and start receiving your daily dose of cybersecurity news, insights
and tips.</ya-tr-span></p>
<div class="email-input">
<input name="_submit" type="hidden" value="0001">
<input id="brand" name="brand" type="hidden" value="thehackernews">
<div class="e-book"><input checked="yes" id="opt_001" name="opt_001" type="checkbox" value="Y"><input checked="yes" id="opt_003" name="opt_003" type="checkbox" value="Y"></div><label class="visuallyhidden" for="input-email"><ya-tr-span
data-index="118-0" data-translated="false" data-source-lang="en" data-target-lang="ru" data-value="Email" data-translation="Электронная почта" data-ch="0" data-type="trSpan">Email</ya-tr-span></label><input class="text" id="input-email"
name="email" placeholder="Your e-mail address" required="" type="email" value="">
<button aria-label="Subscribe" id="submitform" type="submit" value="Subscribe"></button>
</div>
</form>
Text Content
Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

Aug 29, 2022 | Ravie Lakshmanan

Twilio, which earlier this month became the target of a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.

The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts. It has since identified and removed the illegitimately added devices from the impacted accounts.

Authy, acquired by Twilio in February 2015, allows safeguarding online accounts with a second security layer to prevent account takeover attacks. It's estimated to have nearly 75 million users.

Twilio further noted its investigation as of August 24, 2022, turned up 163 affected customers, up from 125 it reported on August 10, whose accounts it said were hacked for a limited period of time.

Besides Twilio, the sprawling campaign, dubbed 0ktapus by Group-IB, is believed to have struck 136 companies, including Klaviyo and MailChimp, along with an unsuccessful attack against Cloudflare that was thwarted by the company's use of hardware security tokens.

Targeted companies span technology, telecommunications, and cryptocurrency sectors, with the campaign employing a phishing kit to capture usernames, passwords, and one-time passwords (OTPs) via rogue landing pages that mimicked the Okta authentication pages of the respective organizations.

The data was then secretly funneled to a Telegram account controlled by the cybercriminals in real time, which enabled the threat actor to pivot and target other services in what's called a supply chain attack aimed at DigitalOcean, Signal, and Okta, effectively widening the scope and scale of the intrusions.

In all, the phishing expedition is believed to have netted the threat actor at least 9,931 user credentials and 5,441 multi-factor authentication codes.

Okta, for its part, confirmed the credential theft had a ripple effect, resulting in the unauthorized access of a small number of mobile phone numbers and associated SMS messages containing OTPs through Twilio's administrative console.

Stating that the OTPs have a five-minute validity period, Okta said the incident involved the attacker directly searching for 38 unique phone numbers on the console – nearly all of them belonging to one single entity – with the goal of expanding their access.

"The threat actor used credentials (usernames and passwords) previously stolen in phishing campaigns to trigger SMS-based MFA challenges, and used access to Twilio systems to search for one-time passwords sent in those challenges," Okta theorized.

Okta, which is tracking the hacking group under the moniker Scatter Swine, further revealed its analysis of the incident logs "uncovered an event in which the threat actor successfully tested this technique against a single account unrelated to the primary target."

Like in the case of Cloudflare, the identity and access management (IAM) provider reiterated that it's aware of several cases where the attacker sent out a blast of SMS messages targeting employees and their family members.

"The threat actor likely harvests mobile phone numbers from commercially available data aggregation services that link phone numbers to employees at specific organizations," Okta pointed out.

Another supply chain victim of the campaign is food delivery service DoorDash, which said it detected "unusual and suspicious activity from a third-party vendor's computer network," prompting the company to disable the vendor's access to its system to contain the breach.

According to the company, the break-in permitted the attacker to access names, email addresses, delivery addresses, and phone numbers associated with a "small percentage of individuals." In select cases, basic order information and partial payment card information was also accessed.

DoorDash, which has directly notified affected users, noted that the unauthorized party also obtained delivery drivers' (aka Dashers) names and phone numbers or email addresses, but emphasized that passwords, bank account numbers, and Social Security numbers were not accessed.

The San Francisco-based firm did not divulge additional details on who the third-party vendor is, but it told TechCrunch that the breach is linked to the 0ktapus phishing campaign.
© The Hacker News, 2023. All Rights Reserved.