Twilio hackers also breached the food delivery firm DoorDash

Twilio hackers also compromised the food delivery firm DoorDash, the attackers had access to company data, including customer and employee info.

On-demand food delivery service DoorDash disclosed a data breach, the threat actors behind the Twilio hack gained access to the company’s data.

DoorDash declared that malicious hackers stole credentials from employees of a third-party vendor, then used them to gain access to some of DoorDash’s internal tools. Then the attackers leveraged the internal tools’ access to data for both consumers and employees.

“DoorDash recently detected unusual and suspicious activity from a third-party vendor’s computer network. In response, we swiftly disabled the vendor’s access to our system and contained the incident.” reads a security notice published by the company. “Based on our investigation, we determined the vendor was compromised by a sophisticated phishing attack. The unauthorized party used the stolen credentials of vendor employees to gain access to some of our internal tools.”

DoorDash did not name the third-party vendor, but the company spokesperson Justin Crowley told to TechCrunch that the vendor breach is linked to the Twilio hack that took place on August 4.

The exposed consumers’ data includes names, email addresses, delivery addresses, and phone numbers. The notice states that for a small subset of customers, the threat actors accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.

For employees, the information accessed by the attackers included names and phone numbers or email addresses, however, the information affected for each impacted individual may vary.

The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Most of the victims are organizations providing IT, software development, and cloud services.

The campaign, codenamed 0ktapus, resulted in the compromise of 9,931 accounts, 3120 compromised user credentials with email.

Threat actors behind the 0ktapus campaign aimed at obtaining Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations. Then the attackers could gain unauthorized access to any enterprise resources by using this information.

In September 2019, DoorDash suffered another data breach that exposed the personal information of 4.9 million consumers, Dashers, and merchants.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Twilio)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.