Vumetric is now part of the TELUS family! Learn more →

Twilio confirms data breach after its employees got phished

Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data.

Apparently, Twilio employees were not the only ones targeted by these attackers.

According to Tech Crunch, the attackers tried the same tactics against employees of a U.S. internet company, an IT outsourcing company and a customer service provider.

“We have reemphasized our security training to ensure employees are on high alert for social engineering attacks, and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago. We have also instituted additional mandatory awareness training on social engineering attacks in recent weeks,” Twilio said, but obviously even that wasn’t enough to prevent some employees getting fooled.

While the attackers are, as Twilio says, well-organized and methodical, the sophistication of this attack campaign is mostly revolves around the fact that the attackers were able to “Match employee names from sources with their phone numbers.”

Twilio has previously suffered a data breach in April 2021, as a direct result of the Codecov supply chain compromise, and another security incident in July 2020 that resulted in attackers injecting malicious code into their TaskRouter JS SDK library.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

View more cybersecurity news →

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.