Residence › Phishing

DoorDash Knowledge Compromised Following Twilio Hack

By Eduard Kovacs on August 26, 2022

Tweet

Meals supply firm DoorDash revealed on Thursday that buyer and worker knowledge has been uncovered because of a current breach at a third-party vendor.

DoorDash stated hackers abused a third-party vendor’s entry to its techniques. The attacker abused DoorDash’s inner instruments and gained entry to the knowledge of ‘a small share of people’.

Within the case of customers, the compromised info consists of names, e-mail addresses, supply addresses, and cellphone numbers. In some instances, partial fee card info (card kind and final 4 digits of card quantity) and primary order info was additionally uncovered.

Within the case of Dashers — the individuals who make deliveries — the attacker accessed title and cellphone quantity or e-mail handle.

“Based mostly on our investigation so far, the knowledge accessed by the unauthorized social gathering didn’t embrace passwords, full fee card numbers, checking account numbers, or Social Safety or Social Insurance coverage numbers,” DoorDash stated.

The corporate added that it has “no motive to imagine that affected private info has been misused for fraud or identification theft.”

Whereas the meals supply platform’s public safety discover doesn’t title the affected third-party vendor, the corporate has advised the media that it’s Twilio.

Twilio is likely one of the greater than 130 firms focused just lately in a large phishing marketing campaign that leverages SMS-based messages to lure the workers of focused organizations to phishing web sites that instruct them at hand over their credentials.

The attackers seem like principally excited about Okta identification service credentials, which is why cybersecurity agency Group-IB has been monitoring the marketing campaign as 0ktapus.

Based on Group-IB, the hackers seem to have obtained practically 10,000 credentials, together with from Cloudflare and Twilio.

Whereas within the case of Cloudflare impression seems to have been restricted by the attackers’ incapability to bypass two-factor authentication, Twilio has confirmed that the incident has impacted not less than 163 prospects.

A kind of impacted prospects is the safe communications agency Sign, which reported just lately that 1,900 of its customers have been impacted, with the attackers trying to re-register their cellphone numbers to new gadgets.

Most of the victims of the 0ktapus marketing campaign are organizations in the US. Group-IB believes the attackers could have obtained the cellphone numbers to which they despatched phishing messages after focusing on cell operators and telecom firms.

Based mostly on the targets and the attackers’ actions, the cybersecurity agency believes the group is probably going financially motivated.

Associated: Cryptocurrency Providers Hit by Knowledge Breach at CRM Firm HubSpot

Associated: Microsoft, Okta Affirm Knowledge Breaches Involving Compromised Accounts

Get the Each day Briefing

• Most Current
• Most Learn

• DoorDash Knowledge Compromised Following Twilio Hack
• Ransomware Operator Abuses Anti-Cheat Driver to Disable Antiviruses
• Crypto Corporations Say US Sanctions Restrict Use of Privateness Software program
• Iranian Authorities Hackers Exploit Log4Shell in SysAid Apps for Preliminary Entry
• New ‘Agenda’ Ransomware Custom-made for Every Sufferer
• CISA Urges Vital Infrastructure to Put together for Publish-Quantum Cryptography
• CISA: Vulnerability in ​​Delta Electronics ICS Software program Exploited in Assaults
• Twitter Ordered to Give Musk Further Bot Account Knowledge
• LastPass Says Supply Code Stolen in Knowledge Breach
• Leaked Docs Present Spyware and adware Agency Providing iOS, Android Hacking Providers for $eight Million

Searching for Malware in All of the Improper Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By Cyber Situational Consciousness

Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Methods to Determine Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Enticing

Methods to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.