Security News > 2022 > August > Twilio breach let hackers see Okta's one-time MFA passwords
The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company.
Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.
With access to the Twilio console, the threat actor could see mobile phone numbers and OTPs belonging to Okta customers.
On August 8, Okta learned that the Twilio hack exposed "Unspecified data relevant to Okta" and started to route SMS-based communication through a different provider.
"Using these logs, Okta's Defensive Cyber Operations' analysis established that two categories of Okta-relevant mobile phone numbers and one-time passwords were viewable during the time in which the attacker had access to the Twilio console" - Okta.
"We assess that the threat actor used credentials previously stolen in phishing campaigns to trigger SMS-based MFA challenges, and used access to Twilio systems to search for One Time Passwords sent in those challenges" - Okta.