BEST OF THE WEB

Twilio attacked for the second time by the same hackers responsible for the August hack

Twilio, a U.S. communication services provider and messaging giant, confirmed a second breach in June in which cybercriminals gained access to customer contact data from the same threat actor as the August hack.

Confirmation of the second breach was buried in an update to a lengthy incident report from Twilio.

“The threat actor’s access was identified and eradicated within 12 hours,” Twilio said in its update, adding that customers whose information was impacted by the June incident were notified on July 2.

“In the June incident, a Twilio employee was socially engineered through voice phishing or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” Twilio said.

Twilio said the same attackers socially manipulated an employee through voice phishing, a tactic in which hackers make fraudulent phone calls by faking the company’s IT department to trick employees into handing over sensitive information. The Twilio employee in this case provided their corporate credentials, allowing the attacker to access customer contact information for a limited number of customers.

It also found that the access gained from the successful attack was identified and thwarted within 12 hours and that affected customers were notified on 2 July 2022.

Twilio also revealed in its update that the hackers responsible for the breach in August gained access to the data of 209 customers, an increase from the 163 customers announced on August 24. Twilio has not identified any of its affected customers, but some, such as the encrypted messaging app Signal, have notified users that they are affected by Twilio’s breach. The attackers also gained access to the accounts of 93 Authy users, Twilio’s two-factor authentication app.

The sources for this piece include an article in HackerNews.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web