Enterprise software provider Twilio hacked in phishing attack
San Francisco, August 8 (IANS): Twilio, a US-based enterprise software provider, said on Monday it was hacked when someone gained “unauthorized access” to its customer account information.
Twilio has more than 150,000 customers, including Facebook and the big Uber.
“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts via a sophisticated social engineering attack designed to steal employee credentials,” said the society.
This large-scale attack on its employee base managed to trick some employees into providing their credentials.
The attackers then used the stolen credentials to gain access to some of its internal systems, where they were able to access some customer data.
“We continue to notify and work directly with customers who have been impacted by this incident. We are still at the beginning of our investigation, which is ongoing,” Twilio said.
The company did not provide details on the extent of the breach or the number of customers affected.
“We worked with the US operators to shut down the actors and with the hosts who serve the malicious URLs to shut down these accounts. Additionally, the threat actors appeared to have sophisticated capabilities to match the names of the sources’ employees with their phone numbers,” Twilio says.
“We have heard from other companies that they too have been subject to similar attacks, and we have coordinated our response to threat actors, including working with operators to stop malicious messages, as well as with their registrars and hosts to shut down the malicious URLs,” Twilio added.