Readers may recall that cloud telecommunications company Twilio revealed that hackers accessed user data on August 7, 2022, in an advanced social engineering attack. It was confirmed that employees were targeted with SMS phishing (“smishing”) text messages.
The attackers sent current Twilio staff and former employees SMS text messages purporting to have been sent from the company’s IT department, informing them that their passwords had expired.
By clicking on the link in the message, the unsuspecting individual was directed to a fake Twilio login page where they entered their credentials, giving the hackers access to customer data.
Now, following the conclusion of its investigation into that incident, Twilio has revealed that the same malicious hackers tricked employees into providing their passwords through a voice phishing attack on June 29, 2022.
“Our research concluded that the brief security incident on June 29, 2022 likely involved the same malicious actor. The actor had access to customer contact information for a limited number of customers.”
Of course, it hardly matters if the security incident was “brief”.
Also, there are still some unpleasant details to read in Twilio’s incident report. For example, the company first announced that it had been compromised on August 7, 2022, but the fact that it “last observed unauthorized activity” on its systems two days later, on August 9, was revealed only this week.
After completing an investigation into the breach, Twilio said 209 customers and 93 end users of its Authy two-factor authentication app had accounts affected by the attack.
The attack against Twilio was part of a larger campaign known as “0ktapus”. According to security researchers, over 130 organizations were compromised.
For example, encrypted messaging service Signal reports that roughly 1,900 of its users may have been affected as a result of the Twilio breach, although their message history and contact lists were kept safe.
Twilio says it is taking steps to reduce the effectiveness of smishing and vishing attacks in the future by implementing additional security measures, including:
- Implement stronger two-factor precautions and distribute FIDO2 tokens to all employees.
- Implement an additional layer of control within the VPN.
- Remove and restrict certain features within certain management tools.
- Increase token refresh frequency for Okta-integrated applications.
- Conduct additional mandatory security training for all employees on attacks based on social engineering techniques.
Twilio said it was “extremely disappointed and frustrated” by the incident and apologized to its customers.