The internal systems of communications company Twilio were breached in a phishing campaign that targets many internet companies to gain access to their customers' personal information.
In a blog post published on Monday, communications giant Twilio said that on August 4 the company discovered "unauthorized access" to its systems, through which the attackers gained access to information related to Twilio customer accounts.
The San Francisco-based company lets its users build voice and SMS capabilities, such as two-factor authentication (2FA), into their applications. It has over 150,000 corporate customers, including Facebook and Uber.
The company explained that the unidentified threat actor convinced two Twilio employees to disclose their company account credentials, which allowed access to the firm's internal systems.
The attackers used SMS phishing messages that appeared to come from Twilio's IT department. The fake messages said that the employees' passwords had expired or that their schedules had changed, and advised the victims to log in at a fake web address controlled by the hacker.
Twilio explained that the attackers used specific words to make their SMS messages look legitimate. They used words that refer to single sign-on, like "Okta" and "SSO," which companies use to provide secure access to their internal apps. Okta was itself breached earlier this year by a threat actor that gained access to its internal systems. Twilio worked with U.S. carriers to stop the phishing messages, and with registrars and hosting providers to shut down the hackers' campaign URLs.
However, Twilio said that the threat actor was not discouraged. The company’s blog post said, “Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks. Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions.”
The same threat actor had also created phishing pages impersonating other companies, including an IT outsourcing company, a U.S. internet company, and a customer service provider, although the impact of the attacks on these firms is still unknown.
Twilio further said that it revoked access to the compromised employee accounts after the attack. In addition, the company has increased its security training measures to ensure its employees are on "high alert" for malicious social engineering attacks. The company has also started contacting its affected customers individually.