Twilio says the threat actors behind the attack had “sophisticated abilities to match employee names from sources with their phone numbers.”
Twilio experienced a sophisticated social engineering attack on August 4th, 2022, which led to employee accounts being accessed by a malicious third party.
Relying on the stolen logins, the attackers went on to gain access to Twilio’s internal systems along with a limited number of Twilio customer accounts and their data, said the San Francisco, California-based cloud communication platform on Monday, August 8th.
According to Twilio, former and current employees of the company were hit by phishing attacks. The phishing links were sent through text messages (a technique called SMS Phishing or SMishing) supposedly from the company’s IT department.
As seen in the screenshot below, the sender(s) attempted to trick targeted employees into clicking links and logging in to update their Twilio employee passwords. The attackers used terms like “Twilio,” “Okta,” and “SSO” to convince victims to open the links.
It is worth noting that Twilio uses Okta for data security and other related solutions, while SSO refers to Single Sign-On, which enables customers to allow their users to log in to Twilio Console using their corporate Identity Provider (such as Azure Active Directory, Okta, OneLogin, etc.) credentials.
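A defender-side check for the lure pattern described above, as an added example that is not from Twilio or the original article: it flags links in inbound messages whose hostname uses one of the named terms but is not an allowlisted domain. It assumes the terms appeared in the link hostnames; the allowlist, the sample messages and the `.example` hostnames are constructed.

```python
import re
from urllib.parse import urlsplit

# Lure terms named in the article. The allowlist is a hypothetical set of
# domains the organisation really uses for sign-in (assumption).
LURE_TERMS = ("twilio", "okta", "sso")
ALLOWED_SUFFIXES = ("twilio.com", "okta.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_allowed(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def suspicious_links(message):
    """Return (hostname, matched_terms) for each non-allowlisted link
    whose hostname contains a lure term."""
    findings = []
    for url in URL_RE.findall(message):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed URL, nothing to resolve
            continue
        if not host or is_allowed(host):
            continue
        tokens = re.split(r"[.\-]", host)
        # Short terms must match a whole token to limit false positives;
        # longer terms match anywhere in the hostname.
        hits = sorted(t for t in LURE_TERMS
                      if (t in tokens if len(t) < 4 else t in host))
        if hits:
            findings.append((host, hits))
    return findings

# Constructed sample messages (not taken from the incident).
SAMPLE = [
    "Notice! Your Twilio login has expired. Update your password at "
    "https://twilio-sso.example/login",
    "Reminder: sign in at https://www.twilio.com/login before Friday",
    "ALERT: schedule changed, see https://twilio.com.okta-verify.example/a",
    "Lunch menu: https://cafe.example/today",
]

if __name__ == "__main__":
    for msg in SAMPLE:
        for host, hits in suspicious_links(msg):
            print(f"FLAG {host} terms={hits}")
```

The third sample shows why the allowlist test is a suffix match on the parsed hostname rather than a substring search: `twilio.com` appears in the host, but the registrable domain belongs to someone else.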
The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to