twilio data breach: phishers fool employees into providing credentials
Jurgita Lapienytė , Deputy Chief Editor Updated on: 09 August 2022
twilio data breach: phishers fool employees into providing credentials

Image by Shutterstock

Digital communications platform fell victim to a sophisticated social engineering attack. As a result, threat actors gained access to customer data.

Phishers fooled some Twilio employees into providing their credentials and then used them to gain access to the company’s internal systems.

“More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls,” Twilio said.

Criminals impersonated Twilio’s sign-in page by using words like Twilio, Okta, and SSO in the URLs.

“The text messages originated from US carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down,” Twilio said.

twilio data breach: phishers fool employees into providing credentials

The company called threat actors sophisticated as they could match employee names with their phone numbers.

“We have not yet identified the specific threat actors at work here but have liaised with law enforcement in our efforts. Socially engineered attacks are – by their very nature – complex, advanced, and built to challenge even the most advanced defenses,” the company said.

Twilio security team revoked access to the compromised employee accounts to mitigate the attack.

“As the threat actors were able to access a limited number of accounts’ data, we have been notifying the affected customers on an individual basis with the details. If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack,” the company concluded.

Subscribe to our newsletter

TECH NEWS RELATED

Australia demands Optus pay for new customer ID documents

An Optus phone sign hangs above its store in Sydney, Australia, Thursday, Oct. 7, 2021. Australia’s federal and state governments on Wednesday, Sept. 28, 2022, called for Optus to pay for replacing identification documents including passports and driver’s licenses to avoid identity fraud after 9.8 million of the telecommunications ...

View more: Australia demands Optus pay for new customer ID documents

Cyberattacks a top concern across all business sizes, economic uncertainty a close second, new survey shows

Credit: Pixabay/CC0 Public Domain Cyberattacks are now so common that the majority of businesses responding to a new survey not only viewed them as their top concern but a majority saw a future attack on their organization as inevitable. An annual survey of businesses by insurance giant Travelers Cos., ...

View more: Cyberattacks a top concern across all business sizes, economic uncertainty a close second, new survey shows

Australian board directors urged to boost cybersecurity skills

Credit: Pixabay/CC0 Public Domain A University of Queensland study has identified a need to prioritize cybersecurity training for board directors, to better protect Australian organizations from cyber-attacks. Dr. Ivano Bongiovanni from the UQ Business School said his research found board directors were not always sure about their duties and ...

View more: Australian board directors urged to boost cybersecurity skills

Australian police probe purported hacker's ransom demand

A customer waits for service at a Optus phone store in Sydney, Australia, Thursday, Oct. 7, 2021. The Australian government said on Monday, Sept. 26, 2022, it was considering tougher cybersecurity rules for telecommunications companies after Optus, the nation’s second-largest wireless carrier, reported personal data of 9.8 million customers ...

View more: Australian police probe purported hacker's ransom demand

New report offers blueprint for regulation of facial recognition technology

Credit: Pixabay/CC0 Public Domain A new report from the University of Technology Sydney (UTS) Human Technology Institute outlines a model law for facial recognition technology to protect against harmful use of this technology, but also foster innovation for public benefit. Australian law was not drafted with widespread use of ...

View more: New report offers blueprint for regulation of facial recognition technology

Hackers leak French hospital patient data in ransom fight

Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed. The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital near Paris a month ago, but the institution refused to pay. The hospital said the ...

View more: Hackers leak French hospital patient data in ransom fight

Python affected by 15-year-old bug that keeps on giving

In brief: The Python programming language is being impacted by security issue programmers have know about for a while. Trellix researchers recently rediscovered a bug, highlighting the risk for hundreds of thousands of software projects and creating patches for tens of thousands of them. Being one of the most ...

View more: Python affected by 15-year-old bug that keeps on giving

Quantum encryption to boost European autonomy

Credit: European Space Agency Cyberattacks and geopolitics threaten today’s increasingly digital world, leading to the disruption of essential supplies such as power and water. ESA, the European Commission and space companies in Europe are teaming up to work towards a highly secure, satellite-enabled connectivity system for the EU—based on ...

View more: Quantum encryption to boost European autonomy

Cyberattack steals passenger data from Portuguese airline

'Bad buzz': Gaming industry reels from 'Grand Theft Auto' hack

LA Unified cyberattackers demand ransom

Deepfake audio has a tell: Researchers use fluid dynamics to spot artificial imposter voices

Hackers accessed data on some American Airlines customers

'Grand Theft Auto' maker says game code stolen

Hackers are spreading malware through YouTube channels promoting game cheats

Color image encryption using an improved version of stream cipher and chaos

Hacker claims to breach Uber, security researcher says

Three questions about quantum computing and secure communications

EU wants to toughen cybersecurity rules for smart devices

FIFA 23 and other EA titles will come with controversial "kernel-mode" anti-cheat software

OTHER TECH NEWS

Top Car News Car News