Hackers have tricked Twilio employees into sharing their login credentials, placing customer data at risk.
Indeed, hackers gained entry to some of its internal systems, through which they accessed “certain customer data”. Approximately 125 Twilio customers have been affected by this incident.
Current and former employees reported that they received text messages claiming to be from Twilio’s IT department. The messages suggested that the employee’s passwords had expired and that they had to log in to a URL which would give the attacker access to employees’ new credentials.
To appear more legitimate, the URL contained words such as “Twilio”, “Okta”, and “SSO”. The URLs then took employees to a landing page that looked like Twilio’s sign-in page.
Twilio’s security team has revoked access to the compromised employee accounts and is working on providing additional security training to employees. The company has also implemented additional internal measures to protect against further attacks.
The company said in a blog post: “Trust is paramount at Twilio, and we recognize that the security of our systems and network is an important part of earning and keeping our customers’ trust. We are committed to learning from this incident and continuing to improve our processes.”
Twilio’s investigation is still ongoing, and the company will notify directly any additional customers that were affected.