Twilio suffers data breach after its employees were targeted by a phishing campaign

Digital communication platform Twilio was hacked after a phishing campaign tricked its employees into revealing their login credentials (via TechCrunch). The company disclosed the data breach in a post on its blog, noting that only “a limited number” of customer accounts were affected by the attack. Twilio allows web services to send SMS messages and place voice calls over telephone networks and is used by companies including Uber, Twitter, and Airbnb.

The hack occurred on August 4th and involved a bad actor sending SMS messages to Twilio employees that asked them to reset their password or alerted them to a change in their schedule. Each message included a link with keywords, like “Twilio,” “SSO” (single sign-on), and “Okta,” the name of the user authentication service used by many companies. The link directed employees to a page that mimicked a real Twilio sign-in page, allowing hackers to collect the information employees inputted there.

After it became aware of the breach, Twilio worked with US phone carriers to shut down the SMS scheme and also had web hosting platforms take down the phony sign-in pages. Despite this, Twilio says that hackers managed to switch to new hosting providers and mobile carriers to continue their campaign.

“Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions,” Twilio adds. “Socially engineered attacks are — by their very nature — complex, advanced, and built to challenge even the most advanced defenses.”

Twilio’s working with law enforcement to find out who’s responsible for the campaign and says it also heard from companies that “were subject to similar attacks.” Twilio has since shut down access to the compromised employee accounts and will also alert any customers affected by the breach.

Social engineering is becoming an increasingly common tactic for hackers. Earlier this year, a report from Bloomberg revealed that both Apple and Meta shared data with hackers pretending to be law enforcement officials. Last year, a hacker tricked a Robinhood customer service representative into disclosing the information of over 7 million customers.
