Cloud communication firm Twilio hacked, customers' data exposed


San Francisco, Aug 15 (IANS): US-based Cloud communications company Twilio has admitted data breach as hackers entered its internal systems after stealing employee credentials in an SMS phishing attack.

Twilio said it identified 125 customers who had their data accessed during a security breach.

"We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and we have notified all of them," Twilio said in a statement.

Twilio, which owns popular two-factor authentication (2FA) Authy, said over the weekend that on August 4, it became aware of unauthorised access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

"The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data," it said in a statement.

According to Bleeping Computer, the SMS phishing messages "baited Twilio's employees into clicking the embedded links by warning them that their passwords had expired or were scheduled to be changed".

Twilio later revoked the compromised employee credentials to block the attackers' access to its systems.

The company also asked several US mobile carriers to shut down the accounts used to deliver the phishing messages, the report mentioned.

 

  

Top Stories


Leave a Comment

Title: Cloud communication firm Twilio hacked, customers' data exposed



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.