Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions.

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions.

On August 7, Twilio revealed that it had detected unauthorized access to information related to customer accounts a few days earlier. A probe revealed that the breach was a result of an SMS phishing (smishing) attack targeting the company’s employees.

At around the same time, Cloudflare said it had also been targeted and a few weeks later it came to light that the companies were targeted as part of a massive phishing campaign that hit over 130 organizations. The attackers appeared to be financially motivated.

Twilio has now concluded its investigation. The company says the attackers were locked out of its systems on August 9 and that only 209 of its more than 270,000 customers were impacted, as well as 93 of 75 million Authy end user accounts. There is no evidence that the threat actors accessed Twilio customer console account credentials, authentication tokens or API keys.

Twilio’s final report reveals that the same threat actor was likely also responsible for an attack that targeted the company in late June. The firm described it as a “brief security incident” that involved voice phishing (vishing). The attackers used social engineering to trick an employee into handing over their credentials, which they used to access the contact information of a limited number of customers.

Twilio claims the hackers’ access was identified and shut down within 12 hours. Impacted users were notified in early July.

The breach discovered in August was a result of a smishing attack launched in mid-July, which involved hundreds of text messages being sent to the phones of current and former Twilio employees. The messages appeared to come from IT administrators and urged recipients to click on a link that took them to a fake Okta login page.

Some employees took the bait and entered their credentials on the phishing sites. The hackers then used these credentials to access internal tools and applications that allowed them to obtain certain customer information.

Advertisement. Scroll to continue reading.

Related: High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks

Related: Signal Discloses Impact From Twilio Hack

Related: Okta Says Customer Data Compromised in Twilio Hack

Related: Twilio, HashiCorp Among Codecov Supply Chain Hack Victims

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

Former Wiz executive Trish Cagliostro has joined Orchid Security as Chief Revenue Officer.

Transcend has named former UnitedHealth Group CISO Aimee Cardwell as CISO in Residence.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.