Security News > 2022 > August > Twilio breach let hackers see Okta's one-time MFA passwords
The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company.
Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.
With access to the Twilio console, the threat actor could see mobile phone numbers and OTPs belonging to Okta customers.
On August 8, Okta learned that the Twilio hack exposed "Unspecified data relevant to Okta" and started to route SMS-based communication through a different provider.
"Using these logs, Okta's Defensive Cyber Operations' analysis established that two categories of Okta-relevant mobile phone numbers and one-time passwords were viewable during the time in which the attacker had access to the Twilio console" - Okta.
"We assess that the threat actor used credentials previously stolen in phishing campaigns to trigger SMS-based MFA challenges, and used access to Twilio systems to search for One Time Passwords sent in those challenges" - Okta.
News URL
Related news
- Lazarus hackers breach six companies in watering hole attacks (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Luna Moth extortion hackers pose as IT help desks to breach US firms (source)
- Twilio denies breach following leak of alleged Steam 2FA codes (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Chinese hackers breach US local governments using Cityworks zero-day (source)
- Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)