Twilio, a tech giant from San Francisco, became a victim of a phishing scam, resulting in the exposure of consumers’ data. The incident took place on August 4 and was likely carried out through SMS phishing.
Twilio Data Breach
Twilio, a provider of voice and SMS notification services for various purposes, was hacked on Thursday, August 4. The incident was uncovered four days later, on August 8. Since the company serves over 150,000 companies, the “some customers” it describes as exposed in its official note are clearly far more than a dozen. According to the company’s statements, it stores data on physical and IP addresses, payment details, proof of identity and email addresses. Not very pleasant, but not critical either.
The way hackers broke into Twilio is a timeless classic: SMS spam messages. They reportedly mimicked the Okta secure access notification. Okta serves many companies as a secure single sign-on provider. It is funny that Okta itself was struck by a similar phishing scam earlier this year. In the case of Twilio, several employees received a message asking them to log in again because their previous token had expired. The link in the message was spoofed and led to a site controlled by the crooks, although it looked like a legitimate page.
Phishing attacks keep going
Corporate-scale phishing attacks happen pretty frequently these days, but no one expected them to touch tech giants so often. Okta and Twilio are names ranked at the top of both the tech community and the stock market. And users, whether individuals or other corporations, are usually quite sensitive to cases where a company loses their data. The threat actors behind these attacks are very organised and consistent in their actions. This characteristic is typical of ransomware gangs, but not of phishing actors.
Any corporation, regardless of whether it has been attacked, should work out a response to this kind of threat. That could include instructions for employees on how to recognise scam messages, as well as tighter restrictions on data access. Overall, preventive measures take priority, as they do not give the crooks a chance. The situation with such famous companies shows that overall cybersecurity awareness remains at an unacceptable level. Such phishing attacks may lead not only to data breaches but also to ransomware attacks and APT deployment. And in the case of the latter, the intrusion will be much harder to detect.