Twilio Customer Data Exposed after its Staffers got Phished

[R2D2]

Thanks @Lament are the trackers a recent discovery? Do you have a link where I could read more on this topic, please?

BTW I am using 2FAS on Android and iOS. Aegis on Android works very well too but 2FAS is just a backup app. I simply can't afford to have my TOTP tied down to a single mobile device, like Google Authenticator et al do, just in case of damage or loss. I'd been in deep trouble if I were to lose my TOTP device. The recovery process for scores of accounts with 2FA enabled would be a collective nightmare.

 

[R2D2]

Thanks, this is the report I saw: 2FAS Auth

And on Google Play here is what the developer says: 2FA Authenticator (2FAS)

I'll have to mull this over, moving to Ravio is now under consideration.

 

[upnorth]

The fallout from this month's breach of security provider Twilio keeps coming. Three new companies—authentication service Authy, password manager LastPass, and food delivery service DoorDash—said in recent days that the Twilio compromise led to them being hacked.

The three companies join authentication service Okta and secure messenger provider Signal in the dubious club of Twilio customers known to be breached in follow-on attacks that leveraged the data obtained by the intruders. In all, security firm Group-IB said on Thursday, at least 136 companies were similarly hacked, so it's likely many more victims will be announced in the coming days and weeks.

The number of companies caught up in the Twilio hack keeps growing

2FA provider Authy, password manager LastPass, and DoorDash all experienced breaches.

arstechnica.com

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits

blog.group-ib.com