9 August 2022

Twilio suffers data breach after employees tricked in phishing attack


Digital communication platform Twilio has suffered a data breach after some of the company’s employees fell victim to a phishing campaign that tricked them into providing their login credentials.

Twilio revealed in a blog post that the incident occurred on August 4, noting that only “a limited number” of customer accounts were affected by the attack.

The phishing campaign involved text messages sent to Twilio’s former and current employees, ostensibly from the company’s IT department, stating that their passwords had expired or that their schedule had changed, and that they needed to log in at a URL provided in the message.

The URLs used words including “Twilio,” “Okta,” and “SSO” to trick users into clicking a link that took them to a landing page impersonating Twilio’s sign-in page. The text messages originated from US carrier networks.

“We worked with the US carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” Twilio wrote.

The attackers then used the stolen credentials to gain access to Twilio’s internal systems and certain customer data.

While a culprit behind the phishing campaign has yet to be identified, Twilio believes that “the threat actors are well-organized, sophisticated and methodical in their actions.”

Twilio said it revoked access to the compromised employee accounts after confirming the incident and brought in cybersecurity experts to aid the investigation.

