"Twilio Reveals Further Security Breach"

Communication tool provider Twilio recently revealed that the same malicious actors responsible for a July breach at the firm also compromised an employee a month prior, exposing customer information. In the July attack, the attackers sent hundreds of "smishing" text messages to the mobile phones of current and former Twilio employees. Posing as Twilio or other IT administrators, they tricked some recipients into clicking on password reset links leading to fake Okta login pages for Twilio. Once harvested, these credentials were used to access internal Twilio administrative tools and apps and, in turn, customer information. The same actors were also responsible for another phishing attempt, this time carried out over the phone. The company noted that the same malicious actors were likely responsible for a brief security incident that occurred on June 29, 2022. In the June incident, a Twilio employee was socially engineered through voice phishing (or "vishing") to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers. The company noted that the threat actor's access was identified and eradicated within 12 hours. Customers whose information was impacted by the June incident were notified on July 2, 2022. A total of 209 customers and 93 Authy end users were impacted by the incidents, according to Twilio. Researchers were able to trace the attacks to a wider campaign by threat actor "0ktapus," which used similar phishing techniques against employees at other organizations, including Cloudflare.

 

Infosecurity reports: "Twilio Reveals Further Security Breach"

Submitted by Anonymous on