Communications company Twilio has revealed that the same malicious actors responsible for a July breach at the firm also managed to compromise an employee a month prior, exposing customer information.
The revelation was buried in a lengthy incident report updated and concluded yesterday.
The report focuses mainly on the July–August incident in which attackers sent hundreds of “smishing” text messages to the mobile phones of current and former Twilio employees.
Posing as Twilio or other IT administrators, they tricked some recipients into clicking on password reset links leading to fake Okta login pages for Twilio.
Once harvested, these credentials were used to access internal Twilio administrative tools and applications and, in turn, customer information.
However, the same actors were also responsible for another phishing attempt, this time carried out over the phone, the report revealed.
“Our investigation also led us to conclude that the same malicious actors very likely were responsible for a brief security incident that occurred on June 29, 2022. In the June incident, a Twilio employee was socially engineered by way of voice phishing (or ‘vishing’) to give their credentials, and the malicious actor was able to access customer contact data for a limited number of customers,” the notice read.
“The threat actor’s access was identified and eradicated within 12 hours. Customers whose data was impacted by the June incident were notified on July 2, 2022.”
A total of 209 customers and 93 Authy end users were impacted by the incidents, according to Twilio.
The attacks were traced by researchers to a wider campaign by threat actor “0ktapus”, which used similar phishing techniques against employees at other companies, including Cloudflare.
The incident highlights both the persistent threat of social engineering to corporate end users and the increasing focus threat actors are placing on compromising strategic technology vendors further up the supply chain.