Summary

  • Authy is a 2FA app that recently suffered a data breach that exposed more than 33 million phone numbers.
  • An unsecured API endpoint allowed threat actors to collect linked numbers.
  • If you think your personal information might be among the 33 million leaked numbers, consider securing your accounts with 2FA and be wary of SMS phishing attacks.
  • Altima NEO@lemmy.zip
    5 months ago

    Lol so what do you do when the 2fa app you use to protect your accounts is breached?

    • Lem453@lemmy.ca
      5 months ago

      Don’t use cloud-based 2fa and you won’t need to wonder about this.

      Aegis is one of several open-source 2fa apps you can use instead.

        • Lem453@lemmy.ca
          5 months ago

          The same as for anything else if your phone gets stolen. You restore from backups.

          Aegis allows you to make a backup that you can keep yourself on your computer, your own cloud storage etc.

          Every OS has some kind of built-in vault/encryption feature. Put the file in there. It only needs to be updated when you add another 2fa account (so very infrequently).

    • limerod@reddthat.comOPM
      5 months ago

      Good question. You would need to start by changing all your account passwords. Next, export your 2-factor auth codes. Import your auth codes into a good open-source auth app. Then, one by one, set new auth codes for your accounts.

      This should be sufficient to protect your online accounts.