It appears Authy read my Reddit post about multi device vulnerability. They just sent out this mass email. Thanks for everyone who added to the discussion and thanks to Authy for helping to improve our communities security!!

Dear Coinbase user,

We are notifying you because you currently, or have previously, used the Authy app to protect access to a Coinbase account. Due to a recent increase in sophisticated attacks targeting Coinbase users, we are taking extra precaution to protect your account.

In combination with social engineering and password theft, attackers are porting phone numbers (also known as SIM swapping). Once they fraudulently gain control of a user’s phone number, attackers can add new devices to an existing Authy account and take over access to a linked Coinbase account.

To combat these attacks, we will be automatically disabling the Authy multi-device setting and limiting the ability to use SMS to install Authy.

Here are the steps you need to take: To avoid being locked out of your Coinbase account, please immediately install the Authy app on your current device if you have not already. If you need to install the Authy app on a new device, you will need to re-enable multi-device in the Authy app settings, though we recommend you disable it again after you have finished adding another device.

Avoid sharing information regarding Coinbase or other bitcoin activity on social media. If you are still having trouble accessing your Coinbase account, please contact support@coinbase.com.

Further reading:

Understanding the Authy multi-device feature How to protect yourself from social engineering How to protect yourself from Porting and SIM Swapping

Thanks,

The Authy Team

Submitted June 07, 2017 at 07:51AM by PercentEvil
via reddit http://bit.ly/2rKhNii

Advertisements