Technology Tips

August 13, 2022

Twilio Data Breach Happened Via Employee Smishing

Written By Securafy Team

Twilio is the Cloud Communications Company. They are the latest to fall victim to a data breach.

The company recently disclosed that some of its customer data was accessed by unknown attackers who gained access to the system by stealing employee login credentials via an SMS phishing attack, known as 'Smishing,' for short.

The company's disclosure reads in part as follows:

"On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data."

The smishing attack succeeded because the attackers were able to convince company employees that the SMS messages they were receiving were coming from the company's own IT department.  The messages contained URLs containing the keywords "Twilio," "SSO" and "Okta" which are commonly used by the company.

Unfortunately, if an employee tapped these links, they would not be taken to company resources but rather to a page that had been cloned to appear as a legitimate company sign in page.

Here, they received a message that their password had expired, and the employee was asked to enter their information as part of the process of changing it.

Naturally, this action did not change the employee's password, but it did hand it over to the hackers waiting on the other end.

Per a Twilio spokesman, the attackers were only able to access data belonging to a limited number of customers, and the company is currently in the process of reaching out to those who were impacted.

If you have a Twilio account and are not contacted, your data and your account should be fine.  If you are contacted, Twilio will provide you with additional information at that time.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.