Twilio Employees Fooled by Text Scam Phishing Attack

The communications company refuses to disclose the number of employees deceived and the extent of customer data breached.

Twilio Suffers Sophisticated Phishing Attack

On August 4, Twilio, a leading communications platform, fell victim to a well-organised and sophisticated phishing campaign. The attackers, who remain unidentified, gained access to some of Twilio's internal systems containing customer data.

The phishing campaign targeted both current and former Twilio employees, as well as a number of customers. The attackers matched employee names with their phone numbers to initiate a text message phishing campaign. The messages claimed to be from the IT department and originated on U.S. carrier networks.

Victims were tricked into updating passwords or changing their messaging schedule via spoofed URLs. The landing page impersonated Twilio's sign-in page, adding to the deception. Some Twilio employees were deceived into sharing Okta credentials and two-factor authentication codes, further compromising the company's security.

Upon discovery of the attack, Twilio's security team revoked access to compromised employee accounts. Affected customers are being notified on an individual basis by Twilio.

Despite a coordinated effort with network operators and hosting providers to stop the malicious messages and URLs, the threat actors resumed their attacks on other carriers and hosts, indicating a high level of sophistication and determination.

Twilio believes the threat actors behind the attacks are well-organised, sophisticated, and methodical. This is not the first time such attacks have occurred, with other organisations also falling victim to similar social engineering tactics.

The company has modern and sophisticated threat detection and deterrence measures in place. However, the nature of the attack demonstrates the need for constant vigilance and adaptation in the face of evolving cyber threats.

As the investigation continues, Twilio is working closely with law enforcement and cybersecurity experts to identify the perpetrators and prevent future attacks. The company remains committed to the security and privacy of its customers' data.
