BreachForums and the Twilio Data Breach: Details on 33 Million People Leaked

Recently, tens of millions of accounts allegedly originating from Authy (Twilio) had been leaked on the notorious re-launched BreachForums hacking forum. Learn what happened here.

Preface

Many readers of this blog will be aware of BreachForums. BreachForums was the hacker forum that was shut down in an apparent international law enforcement operation just a couple of months ago, and not even a couple months later, it appeared again. BreachForums appeared again with a boom – actors on BreachForums had apparently boasted of having breached TicketMaster, and a little later, actors on the forum leaked data on Authy users as well.

What is BreachForums?

We’ll begin by answering the burning question – what is BreachForums? Many would define it as an English-speaking black-hat cybercrime forum that acts as a successor to RaidForums. After both RaidForums and BreachForums were taken down though, some speculated that another forum under the name of Breach Nation may appear – but so far, that doesn’t seem to be the case.

According to DarkOwl, BreachForums was seized by the FBI on May 15, 2024, but weeks after that “incident” resurfaced.

Some news sources have speculated that the website may be under the control of a hacker group called ShinyHunters – the same group that appears to have leaked the Twilio data.

What are ShinyHunters?

ShinyHunters is a hacker group said to be active on BreachForums as well as on other forums and allegedly involved in various notable data breaches in that of AT&T, Tokopedia, Wishbone, Microsoft, Wattpad, Mashable, and others. Some may say that hacks may be accredited to ShinyHunters without being done by them “for reputation” in the cybercrime world or for other reasons.

No matter who ShinyHunters are, they’re certainly skilled – and it’s a pity that they’re using their skill not for something constructive but to wreak havoc – but hey, to each their own.

The Authy Data Breach and BreachForums

Now that you know a little about the world involving these actors, you may not be surprised that another data breach that was seemingly accredited to them surfaced on the web too.

We’re talking about the Authy data breach – Authy was a company acquired by Twilio in 2015 for an undisclosed amount, and this week, it’s safe to say that their engineers aren’t in the best mood ever. They have a good reason: Authy, a service belonging to Twilio, was breached and data on more than 33 million people has been leaked on BreachForums.

Twilio themselves say that threat actors are likely to have accessed data associated with Authy accounts including phone numbers due to an endpoint that was left unprotected. Seemingly, after accessing the data, hackers made a copy of the data and dumped it on BreachForums.

What Can We Do?

The question for the users of Authy would be as follows: “What can we do to minimize the amount of damage done by the Authy data breach that’s dumped on BreachForums?” and thankfully, we have a rather simple answer – follow security advice that you receive again and again!

To protect yourself from upcoming identity theft and other attacks as a result of the data being shared on BreachForums (brace for attacks – they’re coming), it would be a good idea to make use of data breach search engines such as BreachDirectory.

Data breach search engines exist for a reason – they help you protect yourself from identity theft attacks by letting you search for your account through loads of leaked data breaches to better protect yourself, your employees, and the people around you. The data breach search engine built by BreachDirectory looks like so:

The data breach search engine allows you to search through data breaches that may be found on RaidForums, BreachForums, and other hacking forums free of charge providing you with a response whether your account is at risk of identity theft or not.

After you‘ve searched for yourself on BreachDirectory, you can go ahead and start changing your passwords one by one if your account is impacted, so that if they fall victim to identity theft or credential stuffing attacks originating from BreachForums or any other cybercrime forum, your accounts will be safe.

The data breach engine by BreachDirectory also allows you to search with „fuzzy matching“: i.e. using the wildcard or regex search modes. Those two modes allow you to search for accounts that may be exposed in data breaches by using regular expressions or wildcards in place of certain characters, too.

Needless to say, BreachDirectory also has an API that you can use should you want to implement the data into your own infrastructure to protect yourself or your customers.

Protect yourself and your data now – purchase access to the BreachDirectory API today.

Summary

It‘s unfortunate to hear about companies being breached, but that‘s the reality on the web these days. It is unfortunate to see forums like BreachForums exist, but things are unlikely to change in the near future.

To protect yourself from the damage done by actors on BreachForums, RaidForums, or other cybercrime forums, make use of the BreachDirectory API and the BreachDirectory data breach engine, and until next time.

Frequently Asked Questions – BreachForums

What are BreachForums and RaidForums?

BreachForums and RaidForums are two prominent english-speaking hacking forums. It is said that BreachForums formed after RaidForums fell apart which wouldn‘t be surprising.

How Did the Twilio Data Breach Happen and Why Was the Data Shared on BreachForums?

People say that Twilio got breached due to an endpoint that was left unprotected. Some say that the actors that breached Twilio are affiliated with BreachForums.

What Can We Do to Protect Ourselves From Identity Theft and Bad Actors on BreachForums?

To protect yourself from identity theft, make use of data breach search engines like BreachDirectory and others, and be wary of the data shared on cybercriminal forums like RaidForums, BreachForums, and the like.