Are you talking about them being hacked (sort of) last year? But even then, if they had my keys, they would still need to know my logins and passwords to hack a site. I'm not trying to hijack or sidetrack RoboMan's thread, but I use Authy too, especially for its desktop app which also acts as a backup, and am wondering if I'm missing something else?
Keep in mind that even if you were caught in the midst of this Authy hack, your online accounts should still remain secured as long as your password and the email address associated with your account isn’t in the hands of the hackers. After all, this is exactly what two-factor authentication is meant for: Even when one of your login factors is compromised, a bad actor would still need the other factor to gain access. If you’re not a high-profile politician or an otherwise obvious target for hackers, it’s very unlikely that both of your factors will be hacked at the same time.