Twilio suffers data breach after employees tricked in phishing attack

 


Digital communication platform Twilio has suffered a data breach after some of the company’s employees fell victim to a phishing campaign that tricked them into providing their login credentials.

Twilio revealed in a blog post that the incident occurred on August 4, noting that only “a limited number” of customer accounts were affected by the attack.

The phishing campaign involved text messages sent to Twilio’s former and current employees, ostensibly from the company’s IT department, stating that their passwords had expired or that their schedule had changed, and that they needed to log in at a URL provided in the message.

The URLs used words including “Twilio,” “Okta,” and “SSO” to try to trick users into clicking a link that took them to a landing page impersonating Twilio’s sign-in page. The text messages originated from US carrier networks.
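The URL pattern described above lends itself to a simple defensive check on links found in inbound messages or proxy logs. The following sketch is an added example, not code from Twilio or from the original article: it flags hostnames that contain the keywords named in the article but do not belong to an allowlisted domain. The allowlist, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

KEYWORDS = ("twilio", "okta", "sso")          # words the article says the URLs used
ALLOWED_DOMAINS = {"twilio.com", "okta.com"}  # assumption: real sign-in domains
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def hostname_of(url):
    """Lowercased hostname; tolerates URLs written without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_allowed(host):
    """True for an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def keyword_hits(host):
    """Keywords present in the hostname's dot/hyphen-separated tokens."""
    tokens = re.split(r"[.-]", host)
    hits = []
    for kw in KEYWORDS:
        # Short keywords ("sso") must be a whole token, or "lessons" would match.
        if any(t == kw or (len(kw) >= 4 and kw in t) for t in tokens):
            hits.append(kw)
    return hits

def scan_message(text):
    """Return [(hostname, [keywords])] for suspicious links in one message."""
    findings = []
    for match in URL_RE.finditer(text):
        host = hostname_of(match.group(0))
        if host and not is_allowed(host):
            hits = keyword_hits(host)
            if hits:
                findings.append((host, hits))
    return findings

# Constructed sample messages (not taken from the incident).
SAMPLES = [
    "Notice: your password has expired. Log in at https://twilio-sso.example/login",
    "Your schedule has changed, see twilio.com.okta-portal.example/s",
    "Reminder: reset via https://www.twilio.com/login",
    "Free lessons at https://lessons.example/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg) or "clean", "<-", msg)
```

The second sample shows why the allowlist compares the end of the hostname rather than searching for the brand anywhere in it: a legitimate domain name placed as a leading label of an unrelated domain is still flagged.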

“We worked with the US carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” Twilio wrote.

The attackers then used the stolen credentials to gain access to Twilio’s internal systems and certain customer data.

While a culprit behind the phishing campaign has yet to be identified, Twilio believes that “the threat actors are well-organized, sophisticated and methodical in their actions.”

Twilio said it revoked access to the compromised employee accounts after confirming the incident and brought in cybersecurity experts to aid the investigation.

