Twilio suffered a breach a couple of months ago, where cybercriminals sent warnings through SMS informing Twilio employees that their passwords had expired or were scheduled to be changed. The hackers who successfully breached Twilio and targeted Cloudflare have been going after dozens of companies across the software, finance, and . This smishing campaign led to the exposure of a limited amount of both customer and employee data. I specifically don't think the Twilio breach is a threat. Social engineering at Klaviyo exposes customer data. In a blog post shared with TechCrunch ahead of its publication at market close, DoorDash . The manner in which these two organizations responded to their respective breaches is instructive. In fact, knowledge retention rates drop by more than 50% when training is more than two minutes. Like Twilio, a key part of the company's response involved rotating relevant credentials. Digital communication platform Twilio was hacked after a phishing campaign tricked its employees into revealing their login credentials (via TechCrunch). Communications API developer Twilio has revealed a data breach last week in which an undisclosed number of customer accounts were accessed by hackers. The revelation was buried in a lengthy incident report updated and concluded yesterday. Details of the second breach come as Twilio noted the threat actors accessed the data of 209 customers, up from 163 it reported on August 24, and 93 Authy users. The company provides communication and data management tools that businesses can use to enhance their interactions with customers. The San Francisco-based customer engagement platform provider counts hundreds of thousands of businesses as customers.
Concluding its investigation into the breaches, Twilio says that 209 customers and 93 end users of its Authy two-factor authentication app had their accounts impacted by the attack. If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack. Given that this attack targeted multiple companies, it's vital that all organisations consider the lessons to be learned. In this incident, an unknown threat actor used SMS phishing messages to dupe numerous Twilio employees into sharing their login credentials, which then enabled the attacker to access the company's internal systems. However, Signal - considered one of the better secured of all the encrypted messaging apps - claims the attacker would not have been able to . Below, we'll give you an overview of the security incident: what happened, who was impacted and how you can prevent the same thing happening in your organisation. Communication tool provider Twilio has revealed that the same malicious actors responsible for a July breach at the firm also managed to compromise an employee a month prior, exposing customer information. 9 Aug 2022. Twilio marks the second known company to disclose a security incident related to the supply chain attack involving Codecov. Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions. August 26, 2022.
In the meantime, if you recently downloaded and deployed a copy of the SDK, you might want to check you have a clean version. The threat actor's access was identified and eradicated within 12 hours. The attack is similar to the one that hit identity security vendor Okta and some of its customers earlier this year. To mitigate such attacks in the future, Twilio said it's distributing FIDO2-compliant hardware security keys to all employees, implementing additional layers of control within its VPN, and conducting mandatory security training for employees to improve awareness about social engineering attacks. Where: Twilio is a service used nationwide. In the June incident, a Twilio employee was socially engineered through voice phishing (or vishing) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers, the notice read. In June, Twilio states, the threat actors used a voice phishing, or "vishing" scam to coerce an employee into sharing their login credentials, which the attackers then used to access .
"In the June incident, a Twilio employee was socially engineered through voice phishing (or 'vishing') to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers," Twilio said. Cloud communications platform Twilio has admitted that hackers gained access to some customer data last week after a social engineering attack handed internal login credentials to threat actors. Updated: The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed. "This broad based attack against our . We continue to notify and are working directly with customers who were affected by this incident. Now, the same is ongoing but with an elevated voice . The ramifications of the Twilio breach "The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect. By exploiting a five-year-old configuration error, a hacker was able to access Amazon's S3 cloud storage buckets on which Twilio's code was loaded. Phishers fooled some Twilio employees into providing their credentials and then used them to gain access to the company's .
End-to-end encrypted messaging app Signal says attackers accessed the phone numbers and SMS verification codes for almost 2,000 users as part of the breach at communications giant Twilio last week. October 28, 2022, 11:50 AM EDT In a newly reported attack, an employee was socially engineered via voice phishing -- or "vishing" - the company says Cloud communications company Twilio was. "On August 4, 2022, Twilio became aware of unauthorized access to information related to a . Twilio Security Key tenets of our security program Data Security Product security Risk management Operational resilience Security starts at the top and reaches every member of the workforce. Twilio has since revoked the access privileges from the compromised accounts and it is currently notifying impacted customers. Hackers behind a phishing attack that compromised accounts on cloud communications provider Twilio Inc. used their access to intercept onetime passwords issued by Okta Inc. Out of Twilio's 270,000 clients, 0.06 percent might seem. Saying this, the investigation into the attack is still ongoing right now and we simply don't know the full extent of the damage done. When employees clicked on the fake webpage, a few entered their details. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. Research By: Christine Coz, Info-Tech Research Group August 06, 2020. Why: Twilio blames the data breach on a "sophisticated social engineering attack" that allowed hackers to gain access to some of its internal systems. In a blog post on Sunday, Twilio said that it learned of the unauthorized access on August 4. Twilio data breach overview: Who: Digital communication platform Twilio revealed that a "limited number" of customer accounts were compromised in a data breach this month.
The main concern, as CPO Magazine highlights, comes from totalitarian governments using the accounts to identify and target activists and other political opponents. On August 7, Twilio revealed that it had detected unauthorized access to information related to customer accounts a few days earlier. U.S. messaging giant Twilio confirmed it was hit by a second breach in June that saw cybercriminals access customer contact information. In July 2020 Twilio, a cloud communications platform-as-a-service (CPaaS), became compromised as a bad actor broke into one of their unprotected, world-writeable S3 Buckets and attempted to upload an SDK which was accessible by Twilio's customers. Posing as Twilio or other IT administrators, they tricked some recipients into clicking on password reset links leading to fake Okta login pages for Twilio. Enter a data breach notification issued Sunday by Twilio. Twilio has shared that it has been notifying the affected customers on an individual basis with the details. However, it notes that the threat actors continued to rotate through carriers and hosting providers to resume their attacks. The communication company Twilio suffered a breach at the beginning of August that it says impacted 163 of its customer organizations. Over the weekend, the US-founded communications company, Twilio, disclosed that it suffered a data breach, after some of its employees fell for a sophisticated phishing scam. Food delivery giant DoorDash has confirmed a data breach that exposed customers' personal information.
Twilio said it concluded its investigation into its July security breach and has posted a final version of its IR report on its blog. Signal says that the Twilio phishing attack exposed the phone numbers of around 1900 of the messaging service's users. Even without that component, a surge in spear phishing, which is a form of targeted phishing . Twilio discloses a data breach. Twilio told us it is planning to issue a report with more information on the incident in the coming days. Twilio, which offers . In this campaign, spanning recent months, a number of technology companies were subject to persistent phishing attacks by a threat actor that you will see referred to as Scatter . In the attack in July, the attackers sent hundreds of "smishing" text messages to the mobile phones of current and former Twilio employees. We sincerely apologize that this happened. However, rather than actually changing their password, these details were forwarded onto the threat actor, who then exploited them for their own use. As 2021 saw the most cyberattacks that had ever occurred in the history of the world, the data breaches that companies such as Twilio have sustained in recent . Hey, I even set up my niece with Bitwarden and Authy last fall. Security researchers from Appthority have also concluded that at least 685 mobile apps which are using Twilio are found intercepted by hackers. Twilio is a big name in the B2B communications space. The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night.
Still, recent investigations showed that the breach impacted over 300 customers of both Twilio and Authy (an . However, the same actors were also responsible for another phishing attempt, this time carried out over the phone, the report revealed. The report focuses mainly on the July-August incident in which attackers sent hundreds of smishing text messages to the mobile phones of current and former Twilio employees. As many as 136 organizations are estimated to have been targeted, some of which include Klaviyo, MailChimp, DigitalOcean, Signal, Okta, and an unsuccessful attack aimed at Cloudflare. Bogus SMS messages (smishing) were sent in mid-July. Even Twilio's own 2FA app, Authy, is safe to use despite the parent company suffering a data breach, since the tokens are end-to-end encrypted before being uploaded to the cloud. Security News Twilio Customer Data Breached By SMS Phishing Attack Mark Haranas August 08, 2022, 01:13 PM EDT. At least two security-sensitive companies, Twilio and Cloudflare, were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just . Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. We've written before about what works and what doesn't when it comes to employee training, but here are the key takeaways: eLearning sessions and away days aren't effective for improving security awareness. The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. Twilio hasn't disclosed exactly what the cyber criminals managed to exfiltrate once inside the company's systems.
Cloud communications firm Twilio has confirmed a new data breach stemmed from a previously disclosed August 2022 security incident, Bleeping Computer reports. The incident highlights both the persistent threat of social engineering to corporate end users and the increasing focus threat actors are placing on compromising strategic technology providers further up the supply chain. Twilio employees are responsible for understanding With the type of security services that Twilio provides, this should NEVER . Twilio Reveals Further Security Breach. Threat actors have become more sophisticated with their social engineering attack methods. According to the report, hackers sent some text messages to current and former employees of the company. This is a preliminary report on Twilio's security posture. The San Francisco-based firm did not reveal the exact number of customers impacted by the June incident, and why the disclosure was made four months after it took place. The company, which provides the tools for phone and text communication, notified the public that it has become aware of unauthorized access to . Further commenting on the attack, Twilio explained its belief that the threat actors responsible are highly sophisticated. The cybercriminals knew that Twilio used Okta for identity and access management. They were able to match employee names from sources with their phone numbers in order to create hyper-personalized phishing texts. Once it spotted the attack, Twilio contacted network carriers to stop the malicious messages. Twilio, which TechCrunch describes as a "communications giant" whose platform enables developers to build voice and SMS features into their apps, has disclosed a data breach.
Twilio data breach. If Authy's declarations about their security are valid, that would mean that each of those 93 accounts had multi-device enabled at the time of the hack. The San Francisco company fessed up to the breach in an online notice that describes a sophisticated threat actor with clever . The attacks against Twilio were part of a much larger campaign, dubbed "0ktapus" by security researchers, that compromised over 130 organisations. Twilio data breach: phishers fool employees into providing credentials. Once harvested, these credentials were used to access internal Twilio administrative tools and apps and, in turn, customer information. DoorDash previously suffered a data breach in 2019 that exposed the data of nearly 5 million customers. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in. A 'sophisticated' SMS phishing attack on Twilio employees allowed hackers to . Our investigation also led us to conclude that the same malicious actors likely were responsible for a brief security incident that occurred on June 29, 2022. However, it's still worth keeping an eye on the story to see how it develops, especially as the breach has only just been unearthed. What can we learn about this data breach for the future? Trust is paramount at Twilio, and, we know the security of our systems is an important part of earning and keeping your trust. Twilio Breach. In a blog post, Twilio said that the customers impacted by the breach are being contacted by Twilio while the incident is still being investigated with the help of "a leading forensics firm."
The company says it is taking steps to prevent similar incidents from happening in the future. The researchers also confirm that the vulnerability has been present since 2011 and requires hackers to carry out attacks in just 3 steps: reconnaissance, exploitation, and exfiltration. Twilio has now published its incident report. A data breach earlier this month affecting Twilio, a gateway that helps web platforms communicate over SMS or voice, may have had repercussions for users of Signal, the encrypted messaging. Security is represented at the highest levels of the company. Nowhere has this been more clearly illustrated than the recent Twilio breach. This is due to a number of factors, including: As well as this, Twilio noted that it was not the only target of this attack campaign. Enterprise software vendor Twilio (NYSE: TWLO) has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data. Updated to add on July 22. In this instance, this means no news is good news. The attack against Twilio has been attributed to a hacking group tracked by Group-IB and Okta under the names 0ktapus and Scatter Swine, and is part of a broader campaign against software, telecom, financial, and education companies. June vishing attack led to compromise of customer data. "The last observed unauthorized activity in our environment was on August 9, 2022," it said, adding, "There is no evidence that the malicious actors accessed Twilio customers' console account credentials, authentication tokens, or API keys." Twilio itself said it has reemphasized our security training to ensure employees are on high alert for social engineering attacks.
From our view, this is one of the most important takeaways for organizations: the importance of security awareness and training. This breach serves as a reminder about the importance of effective employee phishing training.