Twilio Hacked After Employees Tricked Into Giving Up Login Credentials
By Ryan Naraine on August 08, 2022
Enterprise software vendor Twilio (NYSE: TWLO) has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data.
The San Francisco firm fessed up to the breach in an online notice that describes a sophisticated threat actor with clever social engineering skills and sufficient resources to switch carriers for ongoing text-based phishing attacks.
Twilio said the attack against its employee base succeeded in fooling some employees into providing their credentials. “The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data,” Twilio added.
The company did not provide details on the extent of the breach, how many customers were affected, or whether the stolen data was encrypted and secured.
Twilio, a powerhouse in the enterprise communication API business with 26 offices in 17 countries, described the incident as ongoing and warns that the threat actor is sophisticated enough to rotate through telco carriers and hosting providers with social engineering lures.
“Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions,” Twilio said.
From the Twilio advisory:
“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.
More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls.
The URLs used words including “Twilio,” “Okta,” and “SSO” to try to trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page. The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down.
[The] threat actors appeared to have sophisticated abilities to match employee names from sources with their phone numbers.”
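An added example, not part of the article or Twilio's advisory: a small Python check that pulls URLs out of reported SMS text and flags hosts that use the lure words the advisory lists while sitting outside an allowlist of real sign-in domains. The allowlist contents, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Words the advisory says appeared in the lure URLs.
LURE_KEYWORDS = ("twilio", "okta", "sso")
# Assumption: the organisation's real sign-in domains; replace with your own.
ALLOWED_DOMAINS = ("twilio.com", "okta.com")

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def is_allowed(host):
    """True only for an allowed domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def keywords_in(host):
    """Lure keywords in a hostname; short ones must be a whole label part."""
    parts = re.split(r"[.-]", host)
    found = []
    for kw in LURE_KEYWORDS:
        # "sso" as a bare substring would hit words like "lessons".
        if kw in parts or (len(kw) > 3 and kw in host):
            found.append(kw)
    return found


def flag_message(text):
    """Return (host, keywords) for each non-allowlisted URL using lure words."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        if not host or is_allowed(host):
            continue
        found = keywords_in(host)
        if found:
            hits.append((host, found))
    return hits


# Constructed sample messages (not real indicators from the incident).
SAMPLES = [
    "ALERT: your password has expired. Log in at https://twilio-sso.example/reset",
    "Your schedule has changed, see https://okta.twiliologin.example/s/123",
    "Reminder: the sign-in page is https://www.twilio.com/login",
    "New course at https://lessons.example/intro",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(flag_message(msg) or "clean", "<-", msg)
```

The allowlist is matched against the parsed hostname, not the raw string, so a brand name appearing elsewhere in the URL does not make a link look legitimate.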
Twilio did not mention if the attacker encountered any MFA (multi-factor authentication) roadblocks or if any foundational access control technology was bypassed in the social engineering attacks.
“We have heard from other companies that they, too, were subject to similar attacks, and have coordinated our response to the threat actors – including collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs,” Twilio said.
However, despite this response, the company said the malicious hackers have continued to rotate through carriers and hosting providers to resume the attacks.
Twilio said its security team revoked access to the compromised employee accounts to mitigate the attack and has hired an external forensics firm to help with the investigation.