Twillio, an American company based in San Francisco, California, which provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communication functions using its web service APIs, was breached after several employees fell for a “sophisticated phishing attempt”. Information accessed by the hackers includes addresses, payment details, IP addresses, and in some cases proof of identity.
”On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. This broad based attack against our employee base succeeded in fooling some employees into providing their credentials. The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data. We continue to notify and are working directly with customers who were affected by this incident. We are still early in our investigation, which is ongoing.
More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls. The URLs used words including “Twilio,” “Okta,” and “SSO” to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page. The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.”
Their company provided these screenshots as examples of the phishing attempt it’s employees fell for:
Twilio has over 5,000 employees in 26 offices in 17 countries, 200,000 customers and more than 2B USD in revenue in 2021. In March 2020, Twillio announced the appointment of Steve Pugh as Chief Security Officer, who is supposed to ensure employees are trained to recognize and defeat phishing attempts like these.