Digital communication platform Twilio was hacked after a phishing campaign tricked its employees into revealing their login credentials (via TechCrunch). The company disclosed the data breach in a post on its blog, noting that only “a limited number” of customer accounts were affected by the attack. Twilio allows web services to send SMS messages and place voice calls over telephone networks and is used by companies including Uber, Twitter, and Airbnb.
The hack occurred on August 4th and involved a bad actor sending SMS messages to Twilio employees that asked them to reset their password or alerted them to a change in their schedule. Each message included a link with keywords, like “Twilio,” “SSO” (single sign-on), and “Okta,” the name of the user authentication service used by many companies. The link directed employees to a page that mimicked a real Twilio sign-in page, allowing hackers to collect the information employees inputted there.
After it became aware of the breach, Twilio worked with US phone carriers to shut down the SMS scheme and also had web hosting platforms take down the phony sign-in pages. Despite this, Twilio says that hackers managed to swap to new hosting providers and mobile carriers to continue their campaign.
“Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their action,” Twilio adds. “Socially engineered attacks are — by their very nature — complex, advanced, and built to challenge even the most advanced defenses.”
Twilio’s working with law enforcement to find out who’s responsible for the campaign and says it also heard from companies that “were subject to similar attacks.” Twilio has since shut down access to the compromised employee accounts and will also alert any customers affected by the breach.
Social engineering is becoming an increasingly common tactic for hackers. Earlier this year, a report from Bloomberg revealed that both Apple and Meta shared data with hackers pretending to be law enforcement officials. Last year, a hacker tricked a Robinhood customer service representative into disclosing the information of over 7 million customers.
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Disney Pin - Sweet Dreams - Mystery Pouch - 5 Pin Pack
$51.95 (as of November 6, 2024 18:51 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Hanes EcoSmart Fleece, Cotton-Blend Pullover, Crewneck Sweatshirt for Men (1 Or 2 Pack)
$12.26 (as of November 6, 2024 18:44 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Emotional Support Plush Advent Calendar by Relatable, Perfect Plush Advent Calendar for Kids or Teens, Contains 25 Mini Collectible Plushies Including Fries, Gingerbread, and Nugget Plush Toys, Stocking Stuffers for Kids
$16.52 (as of November 6, 2024 18:51 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Stanley Quencher H2.0 FlowState Stainless Steel Vacuum Insulated Tumbler with Lid and Straw for Water, Iced Tea or Coffee, Smoothie and More, Rose Quartz 2.0, 40 OZ / 1.18 L
$43.95 (as of November 6, 2024 18:44 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
