Twilio Suffers Phishing-Based Data Breach

Communications giant Twilio has confirmed that hackers have gained access to customer data after successfully tricking employees into handing over their login details to the company. The San Francisco-based company, which allows users to put voice and SMS functions such as two-factor authentication (2FA) into apps, said on August 4 that it knew someone had obtained “unauthorized access” to information about some of Twilio’s customer accounts. These results were published in a blog post on Monday. Twilio has more than 150,000 corporate clients, including Uber and Facebook.

The threat factor has not yet been determined. The attack used SMS phishing messages purporting to come from Twilio’s IT department, suggesting that employees’ passwords had expired or their schedules had changed. In the text, the addressee was asked to log in using the specified fake web address. Twilio said the texts appeared legitimate and specifically used jargon that companies use to gain access to their internal applications, such as “SSO.” Twilio said they are working with U.S. providers to stop malicious messages and registrars and hosting providers to shut down malicious URLs used in the campaign. “Despite this response, threat actors have continued to alternate through telecom operators and hosting providers to continue their attacks. Based on these factors, we have reason to believe that the subjects of the threat are well organized, sophisticated and methodical in their actions.”It is not yet known how many customers were affected or what data was stolen.