Security News > 2022 > August > Hackers Behind Twilio Breach Also Targeted Cloudflare Employees
Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio.
The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards amd was ultimately unsuccessful.
The text messages pointed to a seemingly legitimate domain containing the keywords "Cloudflare" and "Okta" in an attempt to deceive the employees into handing over their credentials.
Cloudflare said three of its employees fell for the phishing scheme, but noted that it was able to prevent its internal systems from being breached through the use of FIDO2-compliant physical security keys required to access its applications.
Besides working with DigitalOcean to shut down the attacker's server, the company also said it reset the credentials of the impacted employees and that it's tightening up its access implementation to prevent any logins from unknown VPNs, residential proxies, and infrastructure providers.
The development comes days after Twilio said unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and gained unauthorized access to the company's internal systems, using it to get hold of customer accounts.
News URL
https://thehackernews.com/2022/08/hackers-behind-twilio-breach-also_10.html
Related news
- Temu denies breach after hacker claims theft of 87 million data records (source)
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms (source)
- Dell investigates data breach claims after hacker leaks employee info (source)
- Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)