Security News > 2022 > August > Twilio: 125 customers affected by data breach, no passwords stolen
Cloud communications giant Twilio, the owner of the highly popular two-factor authentication provider Authy, says that it has so far identified 125 customers who had their data accessed during a security breach discovered last week.
"We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and we have notified all of them," Twilio revealed in an update to the original disclosure.
The attackers gained access to Twilio's network using credentials belonging to multiple employees, stolen in an SMS phishing attack.
After discovering the intrusion, Twilio revoked the compromised employee credentials to block the attackers' access to its systems and started notifying affected customers.
Cloudflare, whose employees also had their credentials stolen in a similar SMS phishing attack, said the attackers failed to breach its systems after their login attempts were blocked because its employees are using company-issued FIDO2-compliant hardware security keys.
Twilio also disclosed in May 2021 that it was affected by last year's Codecov supply-chain attack where threat actors trojanized the legitimate Codecov Bash Uploader tool to steal credentials and secret keys from Codecov customers.
News URL
Related news
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)
- Henry Schein discloses data breach a year after ransomware attack (source)