Twilio Data Breach Happened Via Employee Smishing

Twilio is the Cloud Communications Company. They are the latest to fall victim to a data breach.

The company recently disclosed that some of its customer data was accessed by unknown attackers who gained access to the system by stealing employee login credentials via an SMS phishing attack, known as ‘Smishing,’ for short.

The company’s disclosure reads in part as follows:

“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

The smishing attack succeeded because the attackers were able to convince company employees that the SMS messages they were receiving were coming from the company’s own IT department.  The messages contained URLs containing the keywords “Twilio,” “SSO” and “Okta” which are commonly used by the company.

Unfortunately, if an employee tapped these links, they would not be taken to company resources but rather to a page that had been cloned to appear as a legitimate company sign in page.

Here, they received a message that their password had expired, and the employee was asked to enter their information as part of the process of changing it.

Naturally, this action did not change the employee’s password, but it did hand it over to the hackers waiting on the other end.

Per a Twilio spokesman, the attackers were only able to access data belonging to a limited number of customers, and the company is currently in the process of reaching out to those who were impacted.

If you have a Twilio account and are not contacted, your data and your account should be fine.  If you are contacted, Twilio will provide you with additional information at that time.