Twilio Reveals Further Security Breach

October 28, 2022

Communications tool company Twilio has discovered that the same malicious actors responsible for a July breach at the firm also managed to compromise an employee a month prior, exposing customer information.

The revelation was buried in a lengthy incident report updated and concluded yesterday.

The report focuses predominantly on the July–August incident in which attackers sent hundreds of “smishing” text messages to the mobile phones of current and former Twilio employees.

Posing as Twilio or other IT administrators, they tricked some recipients into clicking on password reset links leading to fake Okta login pages for Twilio.

Once harvested, these credentials were used to access internal Twilio administrative tools and applications and, in turn, customer data.

However, the same actors were also responsible for another phishing attempt, this time carried out over the phone, the report revealed.

“Our investigation also led us to conclude that the same malicious actors very likely were responsible for a brief security incident that occurred on June 29, 2022. In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” the notice read.

“The threat actor’s access was identified and eradicated within 12 hours. Customers whose information was impacted by the June incident were notified on July 2, 2022.”

A total of 209 customers and 93 Authy end users were impacted by the incidents, according to Twilio.

The attacks were traced by researchers to a wider campaign by threat actor “0ktapus”, which used similar phishing techniques against employees at other organizations like Cloudflare.

The incident highlights both the persistent threat of social engineering to corporate end users and the increasing focus threat actors are placing on compromising strategic technology vendors further up the supply chain.


Some parts of this article are sourced from:
www.infosecurity-journal.com
