The data breach that hit Twilio in August 2022 resulted in the theft of customer data, and the company has confirmed it was not the first time the same threat actor had targeted it.
After weeks of investigation, Twilio says it has now wrapped up its inquiry into the incident, and revealed in an update to its blog post that the same malicious actor also compromised its accounts in late June 2022.
Unlike the August attack, however, the June compromise came through voice phishing.
Customer information stolen
“In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to gain access to customer contact information for a specific number of customers,” the company explained. It added that it had shut down the intrusion within 12 hours, and that by July 2 it had notified all those affected by the incident.
In the August attack, Twilio said, the attackers used login credentials obtained during the attack to access internal non-production systems and endpoints. There they found the data of 209 customers, as well as 93 Authy end users.
“209 customers – out of a total customer base of over 270,000 – and 93 Authy end users – out of approximately 75 million users – had accounts that were impacted by the incident,” Twilio said. The investigation also indicated that the attackers likely did not access customers' account console credentials, API keys, or authentication passwords.
The company disclosed the matter on the 7th of September, but later learned that it had been delayed for two more days. “The last alien activity observed in our environment was on August 9, 2022,” the company added.
According to the report, the Twilio attack was not an isolated incident, but part of a larger cybercrime campaign by a group called Scatter Swine (aka 0ktapus). At least 130 organizations were hit, including MailChimp and Cloudflare.
Via: BleepingComputer