Security News > 2022 > October > Twilio discloses another hack from June, blames voice phishing
Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information.
The attacker used social engineering to trick an employee into handing over their credentials in a voice phishing attack.
Twilio also shared that hackers behind the August breach had accessed the data of 209 customers and 93 Authy end users after breaching some internal non-production systems using employee credentials stolen in an SMS phishing attack.
After concluding the incident investigation, Twilio also found no evidence that any of its customers' console account credentials, API keys, or authentication tokens were also accessed.
As Twilio said after the August incident, the attackers gained access to its network using employee credentials stolen in an SMS phishing attack.
As a result of the June and August breaches, Twilio says it reset the credentials of the compromised employee user accounts and is distributing FIDO2 tokens to all employees.