• Home
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Reading: Twilio suffers data breach after its employees were targeted by a phishing campaign
Share
Ad image
Technology MagazineTechnology Magazine
Aa
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Search
  • Home
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Have an existing account? Sign In
Follow US
Technology Magazine > News > Twilio suffers data breach after its employees were targeted by a phishing campaign
News

Twilio suffers data breach after its employees were targeted by a phishing campaign

Press room
Press room Published August 8, 2022
Last updated: 2022/08/08 at 8:12 PM
Share
SHARE

Digital communication platform Twilio was hacked after a phishing campaign tricked its employees into revealing their login credentials (via TechCrunch). The company disclosed the data breach in a post on its blog, noting that only “a limited number” of customer accounts were affected by the attack. Twilio allows web services to send SMS messages and place voice calls over telephone networks and is used by companies including Uber, Twitter, and Airbnb.

The hack occurred on August 4th and involved a bad actor sending SMS messages to Twilio employees that asked them to reset their password or alerted them to a change in their schedule. Each message included a link with keywords, like “Twilio,” “SSO” (single sign-on), and “Okta,” the name of the user authentication service used by many companies. The link directed employees to a page that mimicked a real Twilio sign-in page, allowing hackers to collect the information employees inputted there.

After it became aware of the breach, Twilio worked with US phone carriers to shut down the SMS scheme and also had web hosting platforms take down the phony sign-in pages. Despite this, Twilio says that hackers managed to swap to new hosting providers and mobile carriers to continue their campaign.

“Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their action,” Twilio adds. “Socially engineered attacks are — by their very nature — complex, advanced, and built to challenge even the most advanced defenses.”

Twilio’s working with law enforcement to find out who’s responsible for the campaign and says it also heard from companies that “were subject to similar attacks.” Twilio has since shut down access to the compromised employee accounts and will also alert any customers affected by the breach.

Social engineering is becoming an increasingly common tactic for hackers. Earlier this year, a report from Bloomberg revealed that both Apple and Meta shared data with hackers pretending to be law enforcement officials. Last year, a hacker tricked a Robinhood customer service representative into disclosing the information of over 7 million customers.

Press room August 8, 2022
Share this Article
Facebook TwitterEmail Print
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

You Might Also Like

News

Microsoft says it has stopped its Xbox Game Pass $1 trial offer

2 Min Read
News

Apple staff reportedly express doubts about mixed-reality headset months ahead of launch

2 Min Read
News

The Wii U and Nintendo 3DS eShops shut down tomorrow

2 Min Read
News

Elon Musk reportedly halves Twitter’s valuation in internal memo

1 Min Read
  • Review
  • Top Lists
  • Contact
  • Privacy Policy
  • Terms of use

We influence 20 million users and is the number one business and technology news network on the planet.

I have read and agree to the terms & conditions

Contact US

  • Contact Us
  • DMCA
  • Editorial Policy
  • Advertise

Quick Link

  • Gear
  • Games
  • Security
  • Reviews

© 2022 Technology Magazine. All Rights Reserved.

Follow US on Socials

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?