Communications supplier Twilio experiences information breach via phishing assault

Messaging, name centre, and two-factor authentication supplier Twilio, has confirmed as we speak a breach of its community via what it calls a “refined assault” which resulted in entry to a “restricted quantity” of buyer accounts because of some workers falling for a social engineering assault.

It has but to substantiate precisely what number of buyer accounts have been accessed because of the breach, however the investigation remains to be ongoing. Twilio mentioned that it first turned conscious of the assault on August 4, 2022, and it’s persevering with to inform and work with clients who’ve been affected by the incident.

The assault itself was a phishing assault which despatched textual content messages to present, and former workers posing as Twilio’s IT division, suggesting that their password had expired, or that their schedule had modified, with a hyperlink to take motion offered. And Twilio confirmed that different corporations had been affected by the identical sort of assault and that it has been working with them to close this down with US carriers.

The attackers continued after this motion regardless, rotating via different US carriers and internet hosting suppliers to proceed concentrating on Twilio workers. It has but to determine the precise perpetrator behind the assault however it’s working with regulation enforcement to find out this.

Twilio stresses in its weblog publish that “If you aren’t contacted by Twilio, then it means we have now no proof that your account was impacted by this assault”.

Supply hyperlink

Leave a Comment

Your email address will not be published.