Data Breach

Twilio discloses data breach that impacted customers and employees

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack.

Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack.

Twilio is an American firm that provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communication functions using its web service APIs.

The company has more than 5,000 employees in 17 countries, and its revenues in 2021 are US$2.84 billion.

“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. This broad based attack against our employee base succeeded in fooling some employees into providing their credentials. The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.” Twilio said over the weekend.” reads the incident report published by Twilio.

The company did not disclose the number of affected employees and customers.

The company employees received phishing messages impersonating the IT department, the content of the messages informed the recipient that their passwords had expired, or that their schedule had changed, and urged them to log in to a URL the attacker controls. The URLs in the messages included words like “Twilio,” “Okta,” and “SSO” in the attempt to trick users into clicking on a link redirecting them to a landing page that impersonated Twilio’s sign-in page. The text messages originated from U.S. carrier networks.

“The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down,” continues the incident report. “Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.”

Twilio reported that it is aware of similar attacks that hit other companies, for this reason it has coordinated its response to the threat actors. The company is collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs.

The company has also revoked access to the compromised employee accounts.

“As the threat actors were able to access a limited number of accounts’ data, we have been notifying the affected customers on an individual basis with the details. If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack.” concludes the report. “The Twilio Security Incident Response Team will post additional updates here if there are any changes. Also note that Twilio will never ask for your password or ask you to provide two-factor authentication information anywhere other than through the twilio.com portal.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

2 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

5 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

19 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.