December 8, 2023

Twilio disclosed another security incident in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information.

The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in.


Threat actorss gained access following the successful attack was identified and thwarted within 12 hours, and that it had alerted impacted customers on July 2, 2022.

The exact number of customers impacted by the June incident is unknown and why the disclosure was made four months after it took place. Details of the second breach come as Twilio noted the threat actors accessed the data of 209 customers, up from 163 it reported on August 24, and 93 Authy users.

Twilio said it’s distributing FIDO2-compliant hardware security keys to all employees, implementing additional layers of control within its VPN, and conducting mandatory security training for employees to improve awareness about social engineering attacks to thrawt such attacks in future.

The attack against Twilio has been attributed to a hacking group named 0ktapus and Scatter Swine, and is part of a broader campaign against software, telecom, financial, and education companies.


The infection chains entailed identifying mobile phone numbers of employees, followed by sending rogue SMSes or calling those numbers to trick them into clicking on fake login pages, and harvesting the credentials entered for follow-on reconnaissance operations within the networks.

As many as 136 organizations are estimated to have been targeted, some of which include Klaviyo, MailChimp, DigitalOcean, Signal, Okta, and an unsuccessful attack aimed at Cloudflare

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.