Multiple Twilio employees were duped into giving their credentials to hackers in a phishing campaign.
Twilio has said on its official blog that on August 4, 2022, Twilio said it had become aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. This broad based attack against its employee base, it said, succeeded in fooling some employees into providing their credentials. The attackers then used the stolen credentials to gain access to some of the company’s internal systems, where they were able to access certain customer data.
More specifically, current & former employees recently reported receiving text messages purporting to be from Twilio’s IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, & that they needed to log in to a URL the attacker controls. The URLs used words including “Twilio,” “Okta,” & “SSO” to try & trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page.
Twilio said the text messages originated from US carrier networks. The company further informed that it had worked with the carriers to shut down the actors & worked with the hosting providers serving the malicious URLs to shut those accounts down.
For more on this, click here.
