Cloud communications company Twilio has confirmed a data breach in which attackers stole customer data via a text message phishing attack.
According to the company, the attackers gained access to its systems after tricking and stealing the credentials of several employees.
To carry out the attack, the threat actors impersonated Twilio’s IT department and asked them to click on URLs with “Twillo,” “Okta,” and “SSO” keywords. Twilio’s employees were tricked into clicking on the embedded links after being warned that their passwords had expired and needed to be changed.
“The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down,” Twilio said.
While the attackers are yet to be identified, the company said the problem has been reported to law enforcement and investigations are ongoing.
Twilio has revoked the employee accounts compromised during the attack in order to block the attackers from accessing its systems.
“As the threat actors were able to access a limited number of accounts’ data, we have been notifying the affected customers on an individual basis with the details,” Twilio said.
The sources for this piece include an article in BleepingComputer.