Unified communications specialist Twilio victim of phishing, customers are affected

Twilio, a company specializing in the integration of communication functionalities for companies, reported a cybersecurity incident on August 7, 2022. This follows a phishing attack carried out on its employees.

125 customers affected

The San Francisco-based company develops software bricks to facilitate the integration of business communication features into any application. The goal is to offer a tool from which its customers can manage and personalize communications with customers, whether via WhatsApp, SMS, video, etc. It also offers email marketing services. Twilio claims more than 150,000 corporate customers including Facebook, Uber and Deliveroo. But also Deezer, Galeries La Fayette Champs Elysées, Arkea and Evaneos in France.

Twilio has identified approximately 125 customers whose data was accessed by malicious actors for a limited period. All have been informed of the problem. However, Twilio adds to continue his investigation. If other affected customers are identified they will be notified immediately. “There is no evidence that customer passwords, authentication tokens or API keys were accessed without authorization”adds the company.

While Twilio doesn’t specify what data the hackers accessed, its privacy policy says the information collected includes addresses, payment details, IP addresses and, in some cases, proof of identity, TechCrunch details.

A phishing attack

Twilio explains that it detected unauthorized access to information related to “a limited number of customer accounts” August 4. This was made possible by a massive phishing attack that resulted in some employees handing over their credentials to the bad guys. Some employees or former employees have reported receiving text messages claiming to be from the IT department suggesting that the password has expired or that their schedule has changed and urging them to connect to a URL managed by the attackers. From this link they could retrieve the login credentials. The attackers seemed to have the ability to match people’s names with their phone numbers.

The hackers then used this information to access Twilio’s internal systems and customer data. Twilio says it is working with US carriers to shut down malicious numbers, and with hosts to shut down web pages. Importantly, access to compromised employee accounts was quickly revoked once the threat was detected.

Twilio adds that he has not identified where the threat comes from. However, the same attacker appears to have created other phishing pages impersonating other companies, reports TechCrunch. But the effects of these attacks are not yet known.