Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack

Cyber Security

Products You May Like

Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.

The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.

“This broad based attack against our employee base succeeded in fooling some employees into providing their credentials,” it said in a notice. “The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

CyberSecurity

The communications giant has 268,000 active customer accounts, and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter, Uber, VMware, Yelp, and Zendesk among its clients. It also owns the popular two-factor authentication (2FA) service Authy.

Twilio, which is still continuing its investigation into the hack, noted it’s working directly with customers who were impacted. It didn’t disclose the scale of the attack, the number of employee accounts that were compromised, or what types of data may have been accessed.

Phishing schemes, both leveraging email and SMS, are known to lean on aggressive scare tactics to coerce victims into handing over their sensitive information. This is no exception.

SMS Phishing Attack

The SMS messages are said to have been sent to both current and former employees masquerading as coming from its IT department, luring them with password expiry notifications to click on malicious links.

The URLs included words such as “Twilio,” “Okta,” and “SSO” (short for single sign-on) to increase the chance of success and redirected the victims to a phony website that impersonated the company’s sign-in page. It’s not immediately clear if the breached accounts were secured by 2FA protections.

CyberSecurity

Twilio said the messages originated from U.S. carrier networks and that it worked with the telecom service and hosting providers to shut down the scheme and the attack infrastructure used in the campaign. The takedown efforts, however, have been offset by the attackers migrating to other carriers and hosting providers.

“Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” it noted.

The San Francisco-based firm has since revoked access to the compromised employee accounts to mitigate the attack, adding it’s examining additional technical safeguards as a preventive measure.

The disclosure arrives as spear-phishing continues to be a major threat faced by enterprises. Last month, it emerged that the $620 million Axie Infinity hack was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn.

Products You May Like

Articles You May Like

NASA’s Perseverance Rover Ascends Jezero Crater, Exploring Mars’ Ancient Terrain
OpenAI and Anthropic agree to let U.S. AI Safety Institute test and evaluate new models
Meta Considers New Mixed Reality Glasses as Headsets Alternative: Report
Oppo Find X8 Series Tipped to Offer an Extra Button for Quick Actions
Scientists Uncover Invisible Ambipolar Electric Field Around Earth for First Time, New Study Reveals

Leave a Reply

Your email address will not be published. Required fields are marked *