Sunday, September 25, 2022

Twilio employees were tricked into a phishing scam…and some customers were affected

Shreya Christina, londonbusinessblog.com

Digital communications platform Twilio was hacked after a phishing campaign tricked its employees into revealing their credentials (via TechCrunch). The company disclosed the data breach in a post on its blog, noting that only “a limited number” of customer accounts were affected by the attack. Twilio enables web services to send text messages and make voice calls over telephone networks and is used by companies such as Uber, Twitter and Airbnb.

The hack took place on August 4 and involved a bad actor who sent text messages to Twilio employees asking them to reset their passwords or notifying them of a change in their schedule. Each message contained a link with keywords such as “Twilio,” “SSO” (single sign-on), and “Okta,” the name of the user authentication service used by many companies. The link led employees to a page that mimicked a real Twilio login page, allowing hackers to collect the information employees entered there.
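The link pattern described above lends itself to a simple triage filter over reported text messages. The following is an added example, not code from Twilio or from the original article: it flags links that use the keywords named above on hosts outside an allowlist. The allowlist contents, the function names and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords the article says appeared in the phishing links.
LURE_KEYWORDS = ("twilio", "sso", "okta")
# Assumed allowlist: domains where employees legitimately sign in.
ALLOWED_DOMAINS = {"twilio.com", "okta.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def scan_message(text):
    """Return [(host, [keywords])] for links using lure keywords off-allowlist."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")
        host = urlsplit(url).hostname or ""
        if not host or is_allowed(host):
            continue
        # Search everything after the scheme so keywords placed in the path
        # or in a userinfo prefix ("brand.com@host") are also caught.
        # Substring matching is deliberately broad: this is a triage filter.
        rest = url.split("://", 1)[1].lower()
        hits = sorted(k for k in LURE_KEYWORDS if k in rest)
        if hits:
            findings.append((host, hits))
    return findings


# Constructed sample messages; .example hosts are reserved and not real.
SAMPLES = [
    "Your Twilio password expired. Reset: https://twilio-sso.example/reset",
    "Schedule changed, see https://twilio.com.okta-login.example/s",
    "Sign in at https://okta.com@portal.example/login",
    "SSO docs moved to https://www.twilio.com/docs/sso",
    "Lunch menu: https://cafeteria.example/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg) or "clean", "<-", msg)
```

The second and third samples show why the allowlist check is made on the parsed hostname rather than on the raw text: a legitimate-looking name at the front of the link does not make the host a subdomain of it.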

After becoming aware of the breach, Twilio teamed up with US phone companies to shut down the texting scheme and also had web hosting platforms remove the fake login pages. Despite this, Twilio says hackers have managed to switch to new hosting and mobile carriers to continue their campaign.

“Based on these factors, we have reason to believe that the threat actors are well-organized, sophisticated and methodical,” added Twilio. “Socially manipulated attacks are – by their very nature – complex, sophisticated and built to challenge even the most sophisticated defenses.”

Twilio is working with law enforcement to find out who is responsible for the campaign and says it has also heard of companies that have been “victims of similar attacks”. Twilio has since cut off access to the compromised employee accounts and will also warn all customers affected by the breach.

Social engineering is becoming an increasingly common tactic for hackers. Earlier this year, a report by Bloomberg revealed that both Apple and Meta shared data with hackers posing as law enforcement officers. Last year, a hacker tricked a Robinhood customer service representative into revealing the information of more than 7 million customers.
