Security News > 2022 > August > Cloudflare employees also hit by hackers behind Twilio breach
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio's network being breached last week.
Although the attackers got their hands on Cloudflare employees' accounts, they failed to breach its systems after their attempts to log in using them were blocked since they didn't have access to their victims' company-issued FIDO2-compliant security keys.
"Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare's employees," Cloudflare explained on Tuesday.
"While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications."
Unlike Cloudflare, the company said the attackers were able to access some of its customers' data after breaching internal systems using stolen employee credentials in an SMS phishing attack.
"We have heard from other companies that they, too, were subject to similar attacks, and have coordinated our response to the threat actors - including collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs," Twilio said.
News URL
Related news
- Temu denies breach after hacker claims theft of 87 million data records (source)
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms (source)
- Dell investigates data breach claims after hacker leaks employee info (source)
- Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)