Comment by rvnx
2 years ago
> Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint
Isn’t it what you are describing?
2 years ago
> Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint
Isn’t it what you are describing?
Based on the reports that I’ve read so far, this vuln was different to the one I found, which was on an authenticated endpoint.
Definitely some similarities though, I’d love to see some concrete technical information on it.