September 22, 2023

Twilio informed that some of its employees and customers were hacked as part of a scheme in which outsiders duped Twilio employees into handing over their passwords.

Twilio represents a ripe target for hackers, because access to its service could potentially enable hackers to access Twilio clients, or the particular accounts.

Advertisements

This broad-based attack against our employee base succeeded in fooling some employees into providing their credentials.The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.

Twilio said it hasn’t identified the specific hackers responsible for the breach, and has hired a computer forensics firm to assist in remediation of the breach.

Attackers targeted Twilio employees with phony text messages stating that the staffers’ password credentials had expired. The texts included links to websites controlled by hackers that appeared to be legitimate. When employees entered their username and password into the website, hackers harvested that information.

Twilio said since the attack, it has revoked access to the compromised employee accounts and has increased its security training to ensure employees are on “high alert” for social engineering attacks. The company said it has begun contacting affected customers on an individual basis.

Tags:

Leave a Reply

You may have missed

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023
%d bloggers like this: