Twilio Reveals Another Phishing Incident in its Latest Report Update

Cloud communications provider Twilio has revealed in its latest incident report update that it suffered "a brief security incident" on June 29, 2022.

The incident came about through a voice phishing attack on a Twilio employee, leading them to provide their credentials and enabling the perpetrators to access customer contact information.

Twilio said in the report that the actor's access was identified and removed within 12 hours of happening, however, the customers whose information was affected by the incident were notified on July 2, 2022.

The company also said the perpetrators of the June incident were the same as those of the August one, namely hacking groups "0ktapus" and "Scatter Swine".

On August 9, 2022, Twilio suffered a phishing attack when the hackers accessed the data of 209 customers, out of a total customer base of over 270,000. The perpetrators sent hundreds of "smishing" (SMS and phishing) text messages to current and former Twilio employees, urging them to click on fake password-reset links. The links opened fake login pages which required employees to enter their credentials.

The company reported that "there was no evidence that the malicious actors accessed Twilio customers’ console account credentials, authentication tokens, or API keys".

To prevent similar events from happening in the future, Twilio said that it has implemented a number of additional security measures, including FIDO2-compliant hardware security keys and increased refresh frequency of tokens for Okta-integrated applications.