Security News > 2022 > October > Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

Communication services provider Twilio this week disclosed that it experienced another "Brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information.

"In the June incident, a Twilio employee was socially engineered through voice phishing to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers," Twilio said.

Details of the second breach come as Twilio noted the threat actors accessed the data of 209 customers, up from 163 it reported on August 24, and 93 Authy users.

"The last observed unauthorized activity in our environment was on August 9, 2022," it said, adding, "There is no evidence that the malicious actors accessed Twilio customers' console account credentials, authentication tokens, or API keys."

To mitigate such attacks in the future, Twilio said it's distributing FIDO2-compliant hardware security keys to all employees, implementing additional layers of control within its VPN, and conducting mandatory security training for employees to improve awareness about social engineering attacks.

The attack against Twilio has been attributed to a hacking group tracked by Group-IB and Okta under the names 0ktapus and Scatter Swine, and is part of a broader campaign against software, telecom, financial, and education companies.

News URL

https://thehackernews.com/2022/10/twilio-reveals-another-breach-from-same.html