I think Twilio is running its own infrastructure so some of the attack risk is mitigated but there's still no prevention of doing things like temporarily rerouting SMS or other things like that through SS7 access.
Point being, SMS-based "authentication" is so laughably insecure as to be pointless if you become a target of someone who wants into your checking account.
Point being, SMS-based "authentication" is so laughably insecure as to be pointless if you become a target of someone who wants into your checking account.