Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions.

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions.

On August 7, Twilio revealed that it had detected unauthorized access to information related to customer accounts a few days earlier. A probe revealed that the breach was a result of an SMS phishing (smishing) attack targeting the company’s employees.

At around the same time, Cloudflare said it had also been targeted and a few weeks later it came to light that the companies were targeted as part of a massive phishing campaign that hit over 130 organizations. The attackers appeared to be financially motivated.

Twilio has now concluded its investigation. The company says the attackers were locked out of its systems on August 9 and that only 209 of its more than 270,000 customers were impacted, as well as 93 of 75 million Authy end user accounts. There is no evidence that the threat actors accessed Twilio customer console account credentials, authentication tokens or API keys.

Twilio’s final report reveals that the same threat actor was likely also responsible for an attack that targeted the company in late June. The firm described it as a “brief security incident” that involved voice phishing (vishing). The attackers used social engineering to trick an employee into handing over their credentials, which they used to access the contact information of a limited number of customers.

Twilio claims the hackers’ access was identified and shut down within 12 hours. Impacted users were notified in early July.

The breach discovered in August was a result of a smishing attack launched in mid-July, which involved hundreds of text messages being sent to the phones of current and former Twilio employees. The messages appeared to come from IT administrators and urged recipients to click on a link that took them to a fake Okta login page.

Some employees took the bait and entered their credentials on the phishing sites. The hackers then used these credentials to access internal tools and applications that allowed them to obtain certain customer information.

Related: High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks

Related: Signal Discloses Impact From Twilio Hack

Related: Okta Says Customer Data Compromised in Twilio Hack

Related: Twilio, HashiCorp Among Codecov Supply Chain Hack Victims

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.