Útočníci ukradli přihlašovací údaje zaměstnancům Twilio a nakonec napadli společnost

Representatives of the company Twilio, engaged in the development and provision of cloud PaaS services, reported that unknown attackers hacked the company and gained access to the data of some of its customers.

To do this, the attackers stole the credentials of the company’s employees by arranging a phishing attack on them via SMS.

Let me remind you that we also wrote that Hackers Start Looking for Vulnerable Endpoints 15 Minutes after They Are Discovered, and also that Hacked Software Hunters May Be Victims of FakeCrack Malware Campaign.

srpen 4, 2022, Twilio detected unauthorized access to information associated with a limited number of customer accounts. The attack was carried out with the help of sophisticated social engineering aimed at stealing the credentials of our employees. The attackers used stolen credentials to gain access to some of our internal systems, where they were able to access certain customer information.the company said in an official statement.

It is known that as part of a phishing attack on Twilio employees, hackeři vystupovali jako zástupci IT oddělení společnosti. V jejich SMS zprávách, požádali lidi, aby klikali na odkazy obsahující klíčová slova, jako je Twilio, Okta a SSO, poté byly oběti převezeny na falešnou přihlašovací stránku Twilio. Lidé byli přesvědčeni, aby klikali na škodlivé odkazy s varováním, že jejich hesla údajně vypršela nebo že je čas je změnit podle plánu, since they were out of date.

At the same time, Twilio declined to comment and disclose additional information about the incident, without answering questions from the media about how many employees were compromised and how many customers were eventually affected by this hack. It is worth noting that Twilio has 26 offices in 17 countries, employing more than 5,000 people.

The SMS messages originated from US carrier networks. We have worked with carriers to block the attackers, as well as hosting providers serving malicious URLs, to close these accounts.

We are aware that other companies have also been subjected to similar attacks, and we have coordinated with them in response to the attackers, including working with carriers to stop the spread of malicious messages, and with registrars and hosting providers to block malicious URLs. Despite these countermeasures, the attackers continue to switch carriers and hosting providers to renew their attacks.the companies add.

It is reported that an investigation into the incident is currently underway, to which law enforcement agencies have already been involved.

Immediately after the attack was discovered, Twilio canceled compromised employee accounts to block hackers from accessing their systems and began to notify customers affected by the incident. It is emphasized that the attackers gained access to a “limited amount” of data, so affected clients are notified on an individual basis.