Description

As per sources, Twilio, a communication services provider, suffered another security breach on June 29, 2022, which was conducted by the same threat actor who was responsible for the August hack, which resulted in unauthorized access to customer information. During June, a Twilio employee was socially engineered via voice phishing (or 'vishing,' and the malicious actor gained access to a limited number of customers' contact information. Furthermore, the successful attack was detected and stopped within 12 hours, alerting affected customers. Twilio did not specify how many customers were affected by the June incident, nor why it was discovered four months later, but it did divulge the details of the second breach, claiming that the breach affected 93 Authy users and 209 customers. The attack against Twilio was carried out as part of a campaign targeting financial, telecom, and education businesses by the hacking groups 0ktapus and Scatter Swine.