Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CWE-203