"Culprit Behind Twilio Hack Traced to Earlier Vishing Attack That Nabbed Employee Credentials"

Further investigation into an August smishing attack on Twilio has revealed a link to a previous vishing (voice phishing) attack. The malicious actor behind the August Twilio hack appears to have also hit the company in June in a separate incident that exposed a smaller amount of customer contact information. The Twilio hack in August resulted from a campaign that bombarded employees with SMS messages, eventually convincing one of them to visit a fake login page. The company recently completed its investigation into this incident, discovering that the same attacker was responsible for a smaller breach in June. However, in that previous incident, a vishing attack was used to convince a company employee to give up their login credentials over the phone. According to reports, the June vishing attack window lasted only about 12 hours and gave the attackers access to a "limited" amount of customer information. Those affected were notified in July, but the connection to the August attack is new. The August Twilio hack appears to have been launched shortly after customers were notified of the first attack, with the hacker changing their approach to pose as a member of the company's IT staff and attempt to get employees to enter credentials into a fraudulent Okta login portal. This article continues to discuss the vishing attack carried out by the perpetrator behind the August Twilio hack.

CPO Magazine reports "Culprit Behind Twilio Hack Traced to Earlier Vishing Attack That Nabbed Employee Credentials"

Submitted by Anonymous on