Twilio disclosed a data breach in which attackers gained access to the company’s internal system to steal employees’ credentials. Twilio is an American company based in San Francisco, California, that provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communication functions through its web service APIs.
According to the company’s incident report, “This broad-based attack against our employee base succeeded in fooling some employees into providing their credentials.”
Twilio’s present and former employees recently reported receiving text messages purporting to be from the company’s IT department. The messages claimed that the employee’s passwords had expired, that their schedule had changed, and that they needed to log in to a URL the attacker controls.
The company says the URLs used words like “Twilio,” “Okta,” and “SSO” in an attempt to trick users into clicking a link that redirected them to a landing page imitating Twilio’s sign-in page.
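The naming pattern described above can be checked for in proxy or DNS logs. The following is an added example, not code from Twilio or from the original article; the allowlist and the sample URLs (under the reserved `.example` TLD) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Keywords the article says appeared in the phishing URLs.
BRAND_KEYWORDS = ("twilio", "okta", "sso")
# Assumption: the domains the organisation really uses for sign-in.
ALLOWED_DOMAINS = ("twilio.com", "okta.com")

# Constructed sample input, e.g. URLs pulled from proxy logs or reported SMS.
SAMPLE_URLS = [
    "https://twilio-sso.example/login",      # brand words on an unapproved domain
    "https://login.twilio.com/",             # legitimate subdomain
    "http://twilio.com.okta-help.example/",  # allowed name used only as a label
    "https://crossover.example/",            # "sso" appears only inside a word
    "okta.com",                              # legitimate, no scheme
]

def hostname_of(url):
    """Return the lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_allowed(host):
    """True only for an allowed domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def brand_hits(host):
    """Brand keywords present in the hostname's labels and hyphenated parts."""
    tokens = re.split(r"[^a-z0-9]+", host)
    hits = set()
    for k in BRAND_KEYWORDS:
        # Short keywords such as "sso" must match a whole token, so that
        # ordinary words like "crossover" do not raise an alert.
        if any(k == t or (len(k) > 3 and k in t) for t in tokens):
            hits.add(k)
    return sorted(hits)

def flag_lookalikes(urls):
    """Return (host, keywords) for hosts using brand words outside the allowlist."""
    findings = []
    for url in urls:
        host = hostname_of(url)
        if host and not is_allowed(host) and brand_hits(host):
            findings.append((host, brand_hits(host)))
    return findings

if __name__ == "__main__":
    for host, hits in flag_lookalikes(SAMPLE_URLS):
        print(f"review: {host} uses {', '.join(hits)}")
```

The suffix check in `is_allowed` is what stops a host such as `twilio.com.okta-help.example` from passing as legitimate, which a plain substring match on `twilio.com` would allow.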
“The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” Twilio said.
Twilio says that it is aware of similar attacks that hit other companies and, for this reason, has coordinated its response to the threat actors. The company is collaborating with carriers to stop the phishing messages, as well as with registrars and hosting providers to shut down the malicious URLs.
“As the threat actors were able to access a limited number of accounts’ data, we have been notifying the affected customers on an individual basis with the details. If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack.”
“We will of course perform an extensive post-mortem on this incident and begin instituting betterments to address the root causes of the compromise immediately,” Twilio said.