INCIDENT: Twilio Suffers Data Breach

Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack.
"On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials," Twilio said in an advisory.
"The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data."
The company also revealed the attackers gained access to its systems after tricking and stealing credentials from multiple employees targeted in the phishing incident.

Incident Date

August 4, 2022

Location

United States

Estimated Cost

Unknown, but this started as a phishing attack.

Victims

Type of Malware:

Threat Source:

References:

  • Okta one-time MFA passcodes exposed in Twilio cyberattack
  • Twilio hackers hit over 130 orgs in massive Okta phishing attack
  • Twilio discloses data breach after SMS phishing attack on employees

Industries:

Impacts

IT

Pin It on Pinterest

Scroll to Top