Security News > 2022 > August > Twilio confirms data breach after its employees got phished
Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data.
Apparently, Twilio employees were not the only ones targeted by these attackers.
According to Tech Crunch, the attackers tried the same tactics against employees of a U.S. internet company, an IT outsourcing company and a customer service provider.
"We have reemphasized our security training to ensure employees are on high alert for social engineering attacks, and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago. We have also instituted additional mandatory awareness training on social engineering attacks in recent weeks," Twilio said, but obviously even that wasn't enough to prevent some employees getting fooled.
While the attackers are, as Twilio says, well-organized and methodical, the sophistication of this attack campaign is mostly revolves around the fact that the attackers were able to "Match employee names from sources with their phone numbers."
Twilio has previously suffered a data breach in April 2021, as a direct result of the Codecov supply chain compromise, and another security incident in July 2020 that resulted in attackers injecting malicious code into their TaskRouter JS SDK library.
News URL
https://www.helpnetsecurity.com/2022/08/09/twilio-phished-data-breach/
Related news
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)
- Henry Schein discloses data breach a year after ransomware attack (source)