In the last few days, the encrypted messaging platform, ‘Signal’ confirmed a variety of their customers fell victim to the phishing attack on Twilio. It is estimated that 1,900 were affected by the breach via phone number and SMS verification links to “reset passwords” on a phony Twilio link. By posing as Twilio’s IT dept, the hackers were able to obtain victim’s login credentials. Unfortunately, it is still unclear who was behind this attack. Cloudflare also revealed they were subjected to a phishing attack around the very same time as Twilio, but was not breached as an end result owing to the corporation-vast use of hardware-centered, FIDO2-compliant multi-factor authentication (MFA) keys.


More

Security Insider: Passwordless authentication

Two-factor authentication (2FA), Fast IDentity Online (FIDO), WebAuthn, Push-to-Approve or Token – what is future-proof…

Read More →

SC Magazine: How orchestration can accelerate the end of passwords

The information industry is making a major push to improve identity and access management protocols…

Read More →

it-daily: The future of password security is passwordless

To create even more secure, easier and faster login solutions for everyone, 1Password has spent…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.