A Reddit post that has now been deleted, showed a screenshot of an email from Authy. In the screenshot it says that Authy will be automatically disabling multi-device support to prevent further attacks on Coinbase users.
Read my other blog post that explains the Authy phone porting attack here
Read an older blog post from Authy explaining multi-device support here
This is scary stuff. People don't understand how vulnerable their phones are. The idea that someone can "hack" your phone is not even on the radar for most people.
Would you say that using Gmail as the 2nd authentication is a safer bet? In that case, so long as Google stays secure and my own password is not compromised, I think I'm safe from all currently known attack vectors
Completely agreed. In reality, the attack where people's Authy accounts are getting compromised, is extremely complicated. Most people wouldn't even think it was possible until after it happened.
Right now the recommended authenticator seems to be Google Authenticator as you've pointed out. There are a few other things you should do as well though. One is to make sure that you are using two factor on your email address. I believe that the victims of these attacks were not using 2fa on their email. The other thing is that you should probably remove any recovery phone numbers that are associated with the email you used to sign up for Coinbase. Unfortunately the phone porting attack could be used to take over the email address, which could lead us down a similar attack path that could result in the Coinbase account being compromised again. So TL;DR: use Google Authenticator on everything you can, and remove recovery phone numbers from all important accounts.