Aug 9, 2022
The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.
The communications giant has 268,000 active customer accounts, and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter, Uber, VMware, Yelp, and Zendesk among its clients.
It also owns the popular two-factor authentication (2FA) service Authy. Twilio, which is still continuing its investigation into the hack, noted it’s working directly with customers who were impacted.
It didn’t disclose the scale of the attack, the number of employee accounts that were compromised, or what types of data may have been accessed.
Phishing schemes, both leveraging email and SMS, are known to lean on aggressive scare tactics to coerce victims into handing over their sensitive information. This is no exception.
The SMS messages are said to have been sent to both current and former employees masquerading as coming from its IT department, luring them with password expiry notifications to click on malicious links.
The URLs included words such as “Twilio,” “Okta,” and “SSO” (short for single sign-on) to increase the chance of success and redirected the victims to a phony website that impersonated the company’s sign-in page.
“Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” it noted.
It’s not immediately clear if the breached accounts were secured by 2FA protections.
The San Francisco-based firm has since revoked access to the compromised employee accounts to mitigate the attack, adding it’s examining additional technical safeguards as a preventive measure.
© CopyRights RawNews1st
Make sure you take the time and like us on Facebook https://www.facebook.com/RawNews1st/
