Twilio, a U.S. communication services provider and messaging giant, confirmed a second breach in June in which cybercriminals gained access to customer contact data from the same threat actor as the August hack.
Confirmation of the second breach was buried in an update to a lengthy incident report from Twilio.
“The threat actor’s access was identified and eradicated within 12 hours,” Twilio said in its update, adding that customers whose information was impacted by the June incident were notified on July 2.
“In the June incident, a Twilio employee was socially engineered through voice phishing or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” Twilio said.
Twilio said the same attackers socially manipulated an employee through voice phishing, a tactic in which hackers make fraudulent phone calls by faking the company’s IT department to trick employees into handing over sensitive information. The Twilio employee in this case provided their corporate credentials, allowing the attacker to access customer contact information for a limited number of customers.
It also found that the access gained from the successful attack was identified and thwarted within 12 hours and that affected customers were notified on 2 July 2022.
Twilio also revealed in its update that the hackers responsible for the breach in August gained access to the data of 209 customers, an increase from the 163 customers announced on August 24. Twilio has not identified any of its affected customers, but some, such as the encrypted messaging app Signal, have notified users that they are affected by Twilio’s breach. The attackers also gained access to the accounts of 93 Authy users, Twilio’s two-factor authentication app.
The sources for this piece include an article in HackerNews.
