March 25, 2023

Twilio informed that some of its employees and customers were hacked as part of a scheme in which outsiders duped Twilio employees into handing over their passwords.

Twilio represents a ripe target for hackers, because access to its service could potentially enable hackers to access Twilio clients, or the particular accounts.

Advertisements

This broad-based attack against our employee base succeeded in fooling some employees into providing their credentials.The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.

Twilio said it hasn’t identified the specific hackers responsible for the breach, and has hired a computer forensics firm to assist in remediation of the breach.

Attackers targeted Twilio employees with phony text messages stating that the staffers’ password credentials had expired. The texts included links to websites controlled by hackers that appeared to be legitimate. When employees entered their username and password into the website, hackers harvested that information.

Twilio said since the attack, it has revoked access to the compromised employee accounts and has increased its security training to ensure employees are on “high alert” for social engineering attacks. The company said it has begun contacting affected customers on an individual basis.

Tags:

Leave a Reply

You may have missed

Github seizes Exposed RSA SSH Key

Github seizes Exposed RSA SSH Key

March 24, 2023
MITRE Risk Model Manager Platform

MITRE Risk Model Manager Platform

March 24, 2023
Pwn2Own Vancouver 2023 -Day 2 Summary

Pwn2Own Vancouver 2023 -Day 2 Summary

March 24, 2023
Pwn2Own Vancouver 2023 -Day 1 Summary

Pwn2Own Vancouver 2023 -Day 1 Summary

March 24, 2023
ServiceNow AI and Security Enhancements in Utah release

ServiceNow AI and Security Enhancements in Utah release

March 24, 2023
LionsGate Exposes User Data

LionsGate Exposes User Data

March 23, 2023
%d bloggers like this: