A teenager from Walsall has been arrested for being an alleged member of the cyber hacking group that targeted Twilio, LastPass, and Mailchimp.
The unnamed 17-year-old is accused of being a member of the infamous Scattered Spider ransomware gang, and has been arrested on charges of blackmail and offenses under the Computer Misuse Act.
The arrest was coordinated between the U.K. National Crime Agency (NCA) and the U.S. Federal Bureau of Investigation (FBI), who described it as “part of a global investigation into a large-scale cyber hacking community.”
A Previous Arrest
The latest arrest follows reports from back in June that the alleged leader of the cybercrime group had been arrested in Spain.
The suspect – UK citizen Tyler Buchanan, 22, from Dundee, Scotland – is believed to be the head of the ‘Scattered Spider’ group, which has been linked to cyber-attacks on nearly 130 organizations over the past two years.
As first reported by local Spanish daily Murcia Today, Buchanan was arrested in Palma de Mallorca, Spain, where he was attempting to board a flight to Italy.
The publication claimed that “he [Buchanan] stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds.”
According to Palma police, at one point, he controlled Bitcoins worth $27 million.
The Original Cyber Attack
The hacker, known by aliases such as ‘Tyler’ and ‘tylerb,’ led a group specializing in SIM-swapping attacks. These attacks involved fraudulently transferring victims’ phone numbers to devices controlled by the attackers, allowing them to intercept communications.
One major target was Twilio, which experienced a significant data breach in the summer of 2022. Hackers tricked Twilio employees into providing login credentials, compromising customer data and internal systems. An estimated 125 customers were affected.
The attack began with employees receiving fake IT department messages instructing them to log into a fraudulent URL, resulting in credential theft. Twilio’s security team responded by revoking access, enhancing security training, and implementing additional protective measures.
However, it was later revealed that Twilio had suffered an earlier cyber-attack just days before, involving a voice phishing scam that accessed some customer contact information.
Unlike the August 4 breach, Twilio did not immediately disclose this incident, instead mentioning it briefly in a later report, raising concerns about transparency.
With another alleged member of the cybercrime group now in custody, it will be interesting to see whether any fresh details about the Twilio hack come to light.
More News from Twilio
In non-hacking-related Twilio news, earlier this month the company introduced a mobile app for its CCaaS platform, Flex, as part of its Q2 2024 release.
The Flex Mobile app, available for iOS and Android, requires no developer effort to deploy. Users can access all configured information and functionality on Twilio Flex by simply downloading the app from their app store.
Twilio also confirmed that the app will work seamlessly with the same users, phone numbers, routing, queues, and customer data as the desktop version.
Currently in public beta, the app is free to download, with additional Flex-only mobile licenses available at a discounted rate. This discount highlights Twilio’s goal to extend CCaaS solutions across the enterprise.
Unlike other providers that charge full price for additional agent seats, Twilio offers a cost-efficient solution for external subject matter experts, including sales and marketing teams, store associates, and field service personnel.