San Francisco, Aug 15 : The US-based Cloud communication company Twilio has admitted a breach of its data when hackers accessed the company’s internal systems following the theft of credentials of employees in an SMS phishing attack. Twilio announced that it had identified 125 customers that had their data stolen in the course of an attack on security.
“We have identified around 130 Twilio customers whose information was obtained by criminals for a brief time of time and we have notified the majority of them,”” Twilio said in an announcement.
Twilio, which is the owner of the well-known two-factor authentication (2FA) Authy, said over the weekend that on August 4, it was made aware of unauthorised access to data about a limited amount of Twilio customers’ accounts.
This was due to an elaborate social engineering attack that was designed to steal employee credentials.
“The attackers then utilized the credentials stolen to gain access to certain of our internal systems from which they were able to access specific customer information,” it said in an announcement.
According to Bleeping Computer, the SMS scam messages “baited Twilio’s employees to click the links embedded in the messages by informing the employees that their passwords were expired or were due to change”.
Twilio later removed the compromised credentials of employees to prevent attackers access to its systems.
The company also asked a number of US mobile operators to close down accounts used to send fraudulent messages, as the report noted.
na/dpb
.
