Description

According to reports, Twilio, a cloud communications company, confirmed on August 4, 2022, that unknown attackers accessed some of its customers' data after breaching internal systems with employee credentials stolen in an SMS phishing attack. Twilio provides programmable voice, text, chat, video, and email APIs used by more than 10 million developers and 150,000 businesses around the world.

In the phishing attack, the threat actors impersonated Twilio's IT department and tricked Twilio employees into clicking embedded links containing the keywords 'Twilio,' 'Okta,' and 'SSO', which redirected to a site that looked like the Twilio sign-in page. The SMS phishing messages warned victims that their passwords had expired or would be changed soon.

A Twilio spokesperson declined to share more information on the number of employees and customers affected by the phishing attack. Twilio stated that the phishing text messages originated from U.S. carriers and that it has worked with the carriers to shut down the actors and with the hosting providers serving the malicious URLs to shut those accounts down. The company also said that it is working with law enforcement to block the attackers' access to its systems, that it informed affected customers individually of the attack details, and that it has yet to identify the attackers.

Twilio also mentioned that other companies have been subjected to similar attacks and that they have coordinated their response to the hackers, including working with carriers and registrars to prevent malicious messages and URLs. Even so, the threat actors were observed continuing to use different carriers and hosting providers to carry out malicious activities.
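One way a defender could screen inbound messages or proxy logs for the link pattern described above, as an added example that is not from Twilio or the original page. The trusted-domain list, the two-label registrable-domain shortcut and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords the description says appeared in the phishing links.
KEYWORDS = ("twilio", "okta", "sso")
# Assumption: registrable domains the organization really uses for sign-in.
TRUSTED = {"twilio.com", "okta.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages (not real indicators).
SAMPLE_SMS = [
    "Notice: your password has expired. Sign in at https://twilio-sso.example/login to update.",
    "Your password will be changed soon. Confirm at https://okta.twilio.com.it-help.example/.",
    "Reminder: sign in via https://sso.twilio.com/ as usual.",
    "Lunch menu: https://cafeteria.example/menu",
]


def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: adequate for this sketch; use a public-suffix list in production."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def suspicious_links(message):
    """Return (url, matched_keywords) for links whose host carries a brand or
    SSO keyword but does not sit under a trusted registrable domain."""
    hits = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link
        host = (urlsplit(url).hostname or "").lower()
        # A trusted name used only as a subdomain label of another domain
        # (second sample) is not trusted: only the registrable domain counts.
        if not host or registrable(host) in TRUSTED:
            continue
        # Substring match favours recall; short keywords such as "sso" can
        # also match unrelated words, so treat hits as leads for review.
        matched = [k for k in KEYWORDS if k in host]
        if matched:
            hits.append((url, matched))
    return hits


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(suspicious_links(sms))
```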