A SMiShing incident led to a data breach at Twilio

August 13, 2022

Twilio, a California-based communications firm, was recently attacked by hackers who breached its internal systems and stole customers’ sensitive data. According to the investigation, targeted staff of the firm fell victim to a SMiShing (SMS phishing) attack and lost their employee credentials to the hackers, which allowed the breach to occur.

Boasting over 5,000 staff across 17 countries worldwide, Twilio is a company that offers several communications solutions to its partners, including programmable text, voice, video, email, and chat APIs.

Twilio released a statement disclosing the attack. The firm explained that on August 4, it became aware of unauthorised access to its servers that compromised a limited number of its customer accounts.

The data breach happened through a social engineering technique performed via SMiShing, wherein the hackers tricked some Twilio employees into giving up their credentials.

After successfully stealing the employees’ credentials, the hackers used them to access Twilio’s internal systems and reach some files containing limited customer data.

According to the analysis of the SMiShing incident, the threat actors impersonated the communications firm’s IT team and asked the targeted employees to click links that would allegedly direct them to Twilio’s sign-in page but in fact led to a phishing page.

The malicious text messages convinced the employees to click the attached URLs by warning them that their corporate passwords had expired and needed to be changed.

The firm’s management has refused to share additional details, including the number of Twilio employees and customers affected by the phishing and data breach incidents. However, they stated that the text messages received by the employees came from US-based network carriers.

Having acquired information about the telco carrier of the malicious messages, Twilio teamed up with that carrier to shut down the mobile numbers and worked with the hosting providers that served the phishing pages to dismantle them.

Moreover, Twilio also consulted relevant authorities to help track and identify the threat actors.

The firm immediately revoked the employee accounts to block the hackers’ access to the compromised proprietary data. Furthermore, the affected individuals have been contacted and notified about the incident.
