Twilio Confirms 125 Customers Have Been Affected by Data Breach — Have Passwords Been Stolen?

Twilio reports that users' passwords were not compromised in the data breach.

Twilio, the company that provides a cloud computing platform and owns the two-factor authentication service Authy, has clarified to its customers that the recent security breach in its systems did affect 125 users.

In an update on the hack, Twilio said the malicious actor was able to access the data of the 125 affected customers and that the victims had been notified.

The company also stated that there is no evidence that their customers' API keys, authentication tokens, or passwords were accessed without authorization.

Twilio Data Breach

Twilio's data breach was first detected on August 4, 2022. The company became aware of an unauthorized actor attempting to access accounts of their customers in their system.

As reported by Twilio, the hack was carried out by turning the company's own employees against it. The hackers tailored social engineering attacks against the employees to steal their credentials.

Some of the company's employees were unfortunately scammed into providing their credentials by this widespread attack that was directed against their employee base.

The attackers then used the stolen credentials to log into some of the company's internal systems, where they were able to access certain customer information.

In addition, the Twilio data breach did not just target a small number of the company's employees; it even targeted a plethora of current and former employees of the company.

These employees, old and new, received text messages disguised as being from the IT Department of the company.

The text messages were crafted to convey urgency, telling employees that their passwords had already expired and needed to be changed.

Some of the malicious messages informed employees that their schedule had changed and they needed to log in to a domain provided by the attacker to access their new schedule.

The URLs included words like "SSO," "Twilio," and "Okta" in an attempt to trick users into clicking on a link that would take them to a landing page that imitated Twilio's sign-in page.

This was done in an attempt to steal their credentials. The text messages were sent from carrier networks located in the United States.
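
As an added example (not from Twilio or the original article), the following Python code shows how a defender might flag links in inbound messages whose hostnames embed those keywords but do not belong to an allowlisted sign-in domain. The allowlist, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the keywords come from the article; the
# allowlist is illustrative and would be replaced by the organization's
# real sign-in domains.
BRAND_WORDS = ("twilio", "okta")   # matched anywhere in the hostname
GENERIC_WORDS = ("sso",)           # matched only as a whole label or token
ALLOWED_DOMAINS = ("twilio.com", "okta.com")


def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True only if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def lookalike_keywords(url):
    """Return the keywords that make a non-allowlisted hostname suspicious."""
    # .hostname drops any userinfo, so "twilio.com@other.example" resolves
    # to "other.example" rather than to the brand domain shown before "@".
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host or is_allowed(host):
        return []
    tokens = set(re.split(r"[.\-]", host))
    hits = [w for w in BRAND_WORDS if w in host]
    # Token match avoids false positives such as "association".
    hits += [w for w in GENERIC_WORDS if w in tokens]
    return hits


def scan_message(text):
    """Extract URLs from a message body and map each flagged URL to its hits."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return {u: k for u in urls if (k := lookalike_keywords(u))}


# Constructed sample messages (reserved .example domains, not real indicators).
SAMPLES = [
    "IT notice: your password has expired, update at https://twilio-sso.example/login",
    "Your schedule changed: https://www.twilio.com@okta-sso.example/schedule",
    "Docs are at https://www.twilio.com/docs",
    "Join us: https://association.example/events",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg) or "clean", "<-", msg)
```

The same check can be run over proxy or DNS logs; hostname matching alone will not catch keywords that appear only in the URL path.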

According to BleepingComputer, this is not the first time that the company has been targeted in a data breach. Twilio also encountered a data breach in May 2021.

Back then, Twilio was impacted by the Codecov supply-chain attack. It occurred when threat actors trojanized the legitimate Codecov Bash Uploader tool in order to steal credentials and secret keys from Codecov customers.

Ongoing Investigation into Twilio's Hack

Following the hack, the company's information security team has been working to provide affected customers with more information about the attack.

If Twilio has not gotten in touch with a customer, it indicates that there is no evidence to suggest that their account was affected by the recent cyberattack. Attacks using social engineering are still being carried out by malicious actors.

In order to protect themselves from these kinds of assaults, the company has implemented a number of additional safeguards within the business, including the strengthening of their security controls on multiple levels.

The investigation being conducted by Twilio is still ongoing, and if they discover any additional customers who were affected, their information security team will get in touch with them directly.

They are not providing any further details to the public as the investigation is still ongoing and could potentially reveal sensitive information.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
