Twilio confirms data breach after its employees got phished

Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data.

Apparently, Twilio employees were not the only ones targeted by these attackers.

According to Tech Crunch, the attackers tried the same tactics against employees of a U.S. internet company, an IT outsourcing company and a customer service provider.

“We have reemphasized our security training to ensure employees are on high alert for social engineering attacks, and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago. We have also instituted additional mandatory awareness training on social engineering attacks in recent weeks,” Twilio said, but obviously even that wasn’t enough to prevent some employees getting fooled.

While the attackers are, as Twilio says, well-organized and methodical, the sophistication of this attack campaign is mostly revolves around the fact that the attackers were able to “Match employee names from sources with their phone numbers.”

Twilio has previously suffered a data breach in April 2021, as a direct result of the Codecov supply chain compromise, and another security incident in July 2020 that resulted in attackers injecting malicious code into their TaskRouter JS SDK library.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.