Enterprise software vendor Twilio hacked in phishing attack


San Francisco, Aug 8 (IANS): US-based enterprise software vendor company Twilio on Monday said it has been hacked as someone gained "unauthorised access" to information related to its customer accounts.

Twilio has more than 150,000 customers, including Facebook and ride-hailing major Uber.

"On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials," said the company.

This broad-based attack against its employee base succeeded in fooling some employees into providing their credentials.

The attackers then used the stolen credentials to gain access to some of its internal systems, where they were able to access certain customer data.

"We continue to notify and are working directly with customers who were affected by this incident. We are still early in our investigation, which is ongoing," said Twilio.

The company did not provide details on the extent of the breach or how many customers were affected.

"We worked with the US carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers," said Twilio.

"We have heard from other companies that they, too, were subject to similar attacks, and have coordinated our response to the threat actors – including collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs," Twilio added.

  

Top Stories


Leave a Comment

Title: Enterprise software vendor Twilio hacked in phishing attack



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.