A hacker under the alias of Satanic has claimed to have breached SendGrid, Twilio’s cloud-based email delivery platform.
The alleged hack includes the leaking and selling of data on 848,000 customers.
Twilio has denied the claims, shared on Hackread, and issued the following statement:
There is no evidence to suggest that Twilio or Twilio SendGrid was breached.
“To the best of our knowledge, after reviewing a sampling of this data, we believe that none of this data originated from SendGrid,” concluded the company spokesperson.
Despite the denial, a hacker going by the name ‘Satanic’ posted a supposed sample on Breach Forums – a popular cybercrime platform – offering to sell the allegedly scalped data for $2,000.
Alleged Data Leak Includes Personal Identifiable Information (PII)
A sample of the data allegedly stolen from Twilio includes the following information:
- Customer emails, phone numbers, physical addresses, cities, states, countries, social media profiles, and LinkedIn IDs.
- Company-level data such as domain names, revenue, employee counts, SEO performance, hosting providers, and rankings from services like Cloudflare and Tranco.
- Financials like revenue, operating income, net income, and other business metrics
- Employee data and some public-facing executive details
- Information on company tech stacks, including CMS platforms, payment solutions, and CRM tools
The hacker’s sample dataset also pinpoints companies such as Bank of America, Bazaarvoice, and the BBC.
Yet, this isn’t Satanic’s first association with a significant – albeit alleged – data breach.
In September 2024, the hacker attacked Tracelo incident, leaking the personal information of 1.4 million users from a smartphone geolocation tracking service.
Besides high-profile breaches, Satanic is recognized within underground communities for disseminating infostealer logs through Telegram.
Meanwhile, Twilio has had recent experience dealing with data exposures.
In July 2024, hacker group ShinyHunters leaked 33 million phone numbers of Twilio Authy users, a two-factor authentication app.
Shortly afterward, in September 2024, Twilio hit the headlines again.
This time, a breach exposed 12,000 call recordings from a third-party tool used by a customer.
Importantly, neither incident conclusively demonstrated a direct breach of Twilio’s infrastructure.
AI Excaserbates Security Risks
Cybersecurity remains one of the greatest challenges to adopting AI and cloud-based solutions.
These concerns become more pronounced as businesses rethink their tech architectures and integrate AI-driven technologies.
Such advancements have created new attack surfaces for fraudsters to target.
For instance, emerging machine learning models are susceptible to threats like “membership inference” attacks, where fraudsters leverage sensitive training data.
Additionally, chatbots powered by large language models (LLMs) face risks like “prompt injection” attacks and persona manipulation, which can disrupt their functionality.
Yet, it’s not just businesses that are adopting AI; attackers are, too.
For example, voice biometric systems are increasingly at risk due to the proliferation of voice cloning tech, which enables AI-driven voice phishing attacks.
Sophisticated cloning techniques can bypass these systems and grant unauthorized access to sensitive accounts.
Such threats are real, as highlighted in CX Today’s recent article: 6 Emerging AI Threats to Contact Centers (and How to Combat Them)
Other Breach News
These types of attacks aren’t limited to the likes of Twilio.
Earlier this week, Samsung Germany recently fell foul of a colossal contact center data breach, with 270,000 customer service tickets leaked.
The ocean of breached data extended to Personal Identifiable Information (PII), including full names, email addresses, and home addresses, was released.
Additionally, transaction details and support interactions, such as ticket IDs, agent emails, and vendor responses, were leaked online.
Join a CX Community That Values Your Voice
This is your space to speak up, connect, and grow with thousands of CX leaders. Share your voice, influence what’s next, and learn from the best in customer experience. Join the conversation today.
