"Twilio Hacked After Employees Tricked Into Giving Up Login Credentials"

Enterprise software vendor Twilio has recently been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data. The company did not provide details on the extent of the breach, how many customers were affected, or whether the stolen data was encrypted and secured. Twilio described the incident as ongoing and warned that the threat actor is sophisticated enough to rotate through telco carriers and hosting providers with social engineering lures.

Current and former employees recently reported receiving text messages purporting to be from their IT department. Typical text bodies suggested that the employees' passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls. The URLs used words including "Twilio," "Okta," and "SSO" to try to trick users into clicking on a link taking them to a landing page that impersonated Twilio's sign-in page. The text messages originated from U.S. carrier networks.

The company worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. However, despite this response, the company said the malicious hackers have continued to rotate through carriers and hosting providers to resume the attacks. Twilio did not mention if the attacker encountered any MFA (multi-factor authentication) roadblocks or if any foundational access control technology was bypassed in the social engineering attacks. The company noted its security team revoked access to the compromised employee accounts to mitigate the attack and has hired an external forensics firm to help with the investigation.

 

SecurityWeek reports: "Twilio Hacked After Employees Tricked Into Giving Up Login Credentials"

Submitted by Anonymous on