Security News > 2022 > August > Twilio discloses data breach after SMS phishing attack on employees

Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack.

"On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials," Twilio said over the weekend.

Twilio's EMEA Communications Director Katherine James declined to provide more information when asked how many employees had their accounts compromised in the phishing attack and how many customers were affected by the breach, saying the company has "No additional comment to provide at this time beyond what is posted in the blog."

The SMS phishing messages baited Twilio's employees into clicking the embedded links by warning them that their passwords had expired or were scheduled to be changed.

Twilio has also revoked the employee accounts compromised during the attack to block the attackers' access to its systems and has started notifying customers affected by this incident.

"As the threat actors were able to access a limited number of accounts' data, we have been notifying the affected customers on an individual basis with the details," Twilio also revealed.

News URL

https://www.bleepingcomputer.com/news/security/twilio-discloses-data-breach-after-sms-phishing-attack-on-employees/