Twilio has detected a data leak that caused attackers to gain access to the company’s internal system to steal employees’ credentials. Twilio is a US-based company based in San Francisco, California that provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communication functions using web services APIs. According to the company’s incident report, “this large-scale attack on our employee base managed to trick some employees by providing their credentials.” Current and former Twilio employees recently reported receiving text messages that allegedly came from the company’s IT department. The content of the SMS message indicates that employees’ passwords have expired, their programs have changed, and they need to log in according to the URL managed by the attacker. The company says the URLs use words like “Twilio,” “Okta” and “SSO” to try to get users to click on a link that takes them to a landing page that mimics the Twilio login page. “Text messages are coming from US carrier networks. We have worked with US providers to shut down members, and we have worked with hosting providers who provide malicious URLs to shut down these accounts. In addition, the threat actors, they seem to have advanced skills for employee names to match phone numbers from sources,” he says, Twilio Twilio, is aware of similar attacks that affect other companies, and therefore that coordinate responses to a threat by the actors said.