Attackers Break Into Twilio Customer Data Via Phishing Attack

Share post:

Cloud communications company Twilio has confirmed a data breach in which attackers stole customer data via a text message phishing attack.

According to the company, the attackers gained access to its systems after tricking and stealing the credentials of several employees.

To carry out the attack, the threat actors impersonated Twilio’s IT department and asked them to click on URLs with “Twillo,” “Okta,” and “SSO” keywords. Twilio’s employees were tricked into clicking on the embedded links after being warned that their passwords had expired and needed to be changed.

“The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down,” Twilio said.

While the attackers are yet to be identified, the company said the problem has been reported to law enforcement and investigations are ongoing.

Twilio has revoked the employee accounts compromised during the attack in order to block the attackers from accessing its systems.

“As the threat actors were able to access a limited number of accounts’ data, we have been notifying the affected customers on an individual basis with the details,” Twilio said.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways