Digital communications platform Twilio fell victim to a sophisticated social engineering attack. As a result, threat actors gained access to customer data.
Phishers fooled some Twilio employees into providing their credentials and then used them to gain access to the company’s internal systems.
“More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls,” Twilio said.
Criminals impersonated Twilio’s sign-in page by using words like Twilio, Okta, and SSO in the URLs.
“The text messages originated from US carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down,” Twilio said.
The company called the threat actors sophisticated because they could match employee names with their phone numbers.
“We have not yet identified the specific threat actors at work here but have liaised with law enforcement in our efforts. Socially engineered attacks are – by their very nature – complex, advanced, and built to challenge even the most advanced defenses,” the company said.
Twilio’s security team revoked access to the compromised employee accounts to mitigate the attack.
“As the threat actors were able to access a limited number of accounts’ data, we have been notifying the affected customers on an individual basis with the details. If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack,” the company concluded.
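As an added example (not part of the original article and not Twilio's own tooling), a message-gateway or proxy filter could flag the kind of lookalike sign-in URLs described above, where brand words such as Twilio, Okta, and SSO appear in a hostname the organization does not own. The trusted-domain list and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords are the ones the article names. The allowlist is an assumption
# made for this example: replace it with your organization's real sign-in domains.
BRAND_KEYWORDS = ("twilio", "okta", "sso")
TRUSTED_DOMAINS = ("twilio.com", "okta.com")


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def has_brand_keyword(netloc):
    """Match keywords against hostname/userinfo tokens.

    Short keywords ("sso") must be a whole token so that words such as
    "crossover" do not match; longer ones may be embedded ("twiliosso").
    """
    tokens = re.split(r"[^a-z0-9]+", netloc)
    return any(t == k or (len(k) > 3 and k in t)
               for t in tokens for k in BRAND_KEYWORDS)


def classify(url):
    """Return 'trusted', 'suspicious' or 'unrelated' for a URL from a message."""
    if "://" not in url:
        url = "//" + url  # bare "host/path" as it often appears in an SMS
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious"  # malformed URL: send to review
    if not host:
        return "suspicious"
    if is_trusted(host):
        return "trusted"
    # Include userinfo so "https://twilio.com@other.example" is caught.
    return "suspicious" if has_brand_keyword(parts.netloc.lower()) else "unrelated"


# Constructed samples (.example is a reserved TLD), not indicators from the incident.
SAMPLES = ["https://www.twilio.com/login", "twilio-sso.example/reset",
           "https://twilio.com.account-verify.example/",
           "https://twilio.com@login.example/", "https://crossover.example/"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):<11} {s}")
```

Keyword matching of this kind produces review candidates rather than verdicts, and it does not cover homoglyph or internationalized-domain lookalikes.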