Security News > 2022 > August > Twilio breach let hackers see Okta's one-time MFA passwords
The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company.
Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.
With access to the Twilio console, the threat actor could see mobile phone numbers and OTPs belonging to Okta customers.
On August 8, Okta learned that the Twilio hack exposed "Unspecified data relevant to Okta" and started to route SMS-based communication through a different provider.
"Using these logs, Okta's Defensive Cyber Operations' analysis established that two categories of Okta-relevant mobile phone numbers and one-time passwords were viewable during the time in which the attacker had access to the Twilio console" - Okta.
"We assess that the threat actor used credentials previously stolen in phishing campaigns to trigger SMS-based MFA challenges, and used access to Twilio systems to search for One Time Passwords sent in those challenges" - Okta.
News URL
Related news
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Luna Moth extortion hackers pose as IT help desks to breach US firms (source)