Enterprise Software Vendor Twilio Hacked In Phishing Attack
US-based enterprise software vendor Twilio said on Monday that it had been hacked, with someone gaining “unauthorized access” to information related to its customer accounts.
Twilio has more than 150,000 customers, including Facebook and ride-hailing major Uber.
“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials,” said the company.
This broad-based attack against its employee base succeeded in fooling some employees into providing their credentials.
The attackers then used the stolen credentials to gain access to some of its internal systems, where they were able to access certain customer data.
“We continue to notify and are working directly with customers who were affected by this incident. We are still early in our investigation, which is ongoing,” said Twilio.
The company did not provide details on the extent of the breach or how many customers were affected.
“We worked with the US carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” said Twilio.
“We have heard from other companies that they, too, were subject to similar attacks, and have coordinated our response to the threat actors – including collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs,” Twilio added.