Twilio, a company that specializes in integrating corporate communications functions, reported a cybersecurity incident on August 7, 2022. This comes on the heels of a phishing attack carried out on its employees.
125 customers affected
The San Francisco-based company develops software templates to make it easier to integrate business communication features into any application. The goal is to offer a tool through which its customers can manage and personalize communications with customers, whether via WhatsApp, SMS, video, etc. It also offers email marketing services. Twilio has more than 150,000 corporate customers including Facebook, Uber and Deliveroo. But also Desore, Galeries La Fayette, Champs-Elysées, Arca, and Evanius in France.
Twilio has identified approximately 125 customers whose data was accessed by malicious actors for a limited time. Everyone has been informed of the problem. However, Twilio adds to continue his investigation. If other affected customers are identified, they will be notified immediately. “There is no evidence that client passwords, auth tokens, or API keys were accessed without permission”company adds.
Twilio states that it has discovered unauthorized access to information regarding Limited number of customer accounts August 4th. This was made possible by a massive phishing attack that resulted in some employees handing over their credentials to the bad guys. Some employees or former employees have reported receiving text messages claiming to be from their IT department indicating that their password has expired or their schedule has changed and that they are urged to connect to a URL managed by the attackers. From this link they can retrieve the login credentials. The attackers appeared to have the ability to match people’s names to their phone numbers.
The hackers then used this information to gain access to Twilio’s internal systems and customer data. Twilio says it is working with US carriers to shut down malicious numbers, and with hosts to shut down web pages. Most importantly, access to the compromised employee accounts was quickly revoked once the threat was detected.
Twilio adds that he did not identify the source of the threat. However, the same attacker appears to have created other phishing pages impersonating other companies, TechCrunch reports. But the effects of these attacks are not yet known.