
Twilio Suffers Phishing-Based Data Breach

Hackers have gained access to customer data after tricking employees into handing over their login details. The attack used SMS phishing messages purporting to come from Twilio’s IT department. It is not yet known how many customers were affected or what data was stolen.

Communications giant Twilio has confirmed that hackers gained access to customer data after successfully tricking employees into handing over their company login details. The San Francisco-based company, which allows users to put voice and SMS functions such as two-factor authentication (2FA) into apps, said on August 4 that it knew someone had obtained “unauthorized access” to information about some of Twilio’s customer accounts. The findings were published in a blog post on Monday. Twilio has more than 150,000 corporate clients, including Uber and Facebook.

The threat actor has not yet been identified. The attack used SMS phishing messages purporting to come from Twilio’s IT department, suggesting that employees’ passwords had expired or their schedules had changed. The text asked the recipient to log in at a fake web address given in the message. Twilio said the texts appeared legitimate and specifically used jargon that companies use for access to their internal applications, such as “SSO.” Twilio said it is working with U.S. providers to stop the malicious messages, and with registrars and hosting providers to shut down the malicious URLs used in the campaign. “Despite this response, threat actors have continued to alternate through telecom operators and hosting providers to continue their attacks. Based on these factors, we have reason to believe that the subjects of the threat are well organized, sophisticated and methodical in their actions.” It is not yet known how many customers were affected or what data was stolen.
