Update! The Leak of 12,000 Call Records Is Not a Breach, Claims Twilio

The leak included phone numbers and audio recordings


Published: September 24, 2024

James Stephen

A hacker has reportedly leaked 12,000 Twilio call records along with phone numbers and audio recordings.

The cybersecurity-focussed online news platform Hackread shared the story and shed some light on the hacker who, it says, uses the alias ‘grep’.

grep has also claimed responsibility for two Dell data breaches this month that took place within a week of each other.

Yet, there is no evidence to suggest that the attack is a breach, Twilio has confirmed in a statement to CX Today.

“At this time, we have no evidence to suggest that Twilio was breached,” said a Twilio spokesperson.

One of Twilio’s customers inadvertently exposed its own Twilio data when their developers used a third-party software tool that had a vulnerability. Twilio informed this customer and they’ve already taken steps to secure their account.

While Twilio’s systems may have proven secure, the timing of the leak comes just a month after the CPaaS leader was sued for allegedly using its Segment SDK software to collect data without customer consent.

More Details on the Latest Alleged Attack

Hackread put the severity of the risk into context: “Although the leaked data by number is minimal, the presence of actual call recordings seriously increases the severity of the breach, as it exposes not just metadata but the contents of conversations.

“This can lead to serious privacy violations, especially if the calls involve sensitive personal or business information.

“Attackers could exploit these recordings for blackmail, fraud, or impersonation.

“Businesses could face legal consequences under regulations like GDPR or CCPA for failing to protect this data.”

The publication also explains that the leaked phone numbers are vulnerable to SMS phishing and voice call phishing scams, which are popular methods of attack for cybercriminals.

In 2022, Twilio fell victim to two phishing attacks, impacting at least 209 customers.

However, this time around, the hacker did not confirm that they had directly accessed Twilio’s systems.

Hackread analyzed the full leaked data records and suggested that they were likely linked to a telecommunications system, given details related to interpretation services like languages, session details, and rates.

Generative AI in Cyber Crime

Cyber attacks appear to be on the rise, with Cybersecurity Ventures estimating that next year they’ll cost the global economy $10.5 trillion.

The explosion of generative AI technologies may also contribute to this figure, as they are supposedly being leveraged to assist with data hacks.

The Global Cybersecurity Outlook 2024 report offered insight into this link earlier this year: “The same attack vectors that have been employed by cybercriminals are still being used; however, new technology paves the way for nefarious activity.

“Generative AI chatbots are making it much easier for cybercriminals to create believable phishing emails and write custom malware.

“Although popular commercial chatbots have built-in censors and proactive controls to prevent abuse, cybercriminals are adopting large language models to design malicious subscription-based services.

“Chatbots such as FraudGPT and WormGPT are lowering the skills required to commit complex and convincing campaigns.”

In July, a teenager from Walsall was arrested for being an alleged member of the cyber hacking group that targeted Twilio, LastPass, and Mailchimp.

The same month saw hackers gain access to several customer accounts of the CRM stalwart Hubspot.
