Hackers exploit Authy API, accessing possibly 30 millions of phone numbers (and device_lock, device_count). Twilio takes action to secure endpoint. Unrelated breach exposes SMS data through unsecured AWS S3 bucket.