
Twilio reveals it was hit by another data breach

The data breach that hit Twilio in August 2022, which resulted in the theft of customer data, was not the first time the same threat actor had targeted the company, Twilio has confirmed.

After weeks of investigation, Twilio says it has now wrapped up its inquiry into the incident, and it revealed in a blog post that the same malicious actor also compromised its accounts in late June 2022.

Unlike the August attack, however, the June one was carried out through voice phishing (vishing).

Customer information stolen

“In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to gain access to customer contact information for a specific number of customers,” the company explained. It added that it had contained the intrusion within 12 hours, and that by July 2 it had notified everyone affected by the incident.


In the August attack, Twilio said, the attackers used login credentials during the attack to make internal systems non-productive and disrupt the endpoints. There they found the data of 209 customers, as well as 93 Authy end users.

“209 customers – out of a total customer base of over 270,000 – and 93 Authy end users – out of approximately 75 million users – had accounts that were impacted by the incident,” Twilio said. The investigation also showed that the attackers likely did not gain access to customers' account console credentials, API keys, or authentication passwords.

The company disclosed the matter on the 7th of September, but later learned that it had been delayed for two more days. “The last alien activity observed in our environment was on August 9, 2022,” the company added.

According to the report, the Twilio attack was not an isolated incident, but part of a larger cybercrime campaign by a group called Scatter Swine (AKA 0ktapus). At least 130 organizations were hit, including MailChimp and Cloudflare.

Via: BleepingComputer

Jacky
