Skip to main content
close search
site logo
Dive Brief

Twilio employees duped by text message phishing attack

The communications provider declined to say how many employees were duped and the amount of customers compromised.

Published Aug. 8, 2022
Matt Kapko's headshot
Senior Reporter
A sample phishing text message provided by Twilio.

Twilio

Dive Brief:

  • Multiple Twilio employees were duped into providing their credentials to threat actors in a phishing campaign the communications platform described in a Sunday blog post as a “sophisticated social engineering attack.” 
  • The attackers gained access to some of Twilio’s internal systems that contain customer data on Aug. 4. The company declined to say how many employees were duped and the amount of customers potentially impacted, and said an investigation is ongoing.
  • The threat actors matched targeted employee names with their phone numbers to initiate the text message phishing campaign. Victims were tricked into updating passwords or changing their messaging schedule via spoofed URLs, according to Twilio.

Dive Insight:

Twilio was beaten at its own game. The platform’s application programming interface protocols are used by more than 275,000 customers to verify identity via two-factor authentication and engage customers in an automated manner.

Many of today’s most popular apps, including Facebook and Uber, use Twilio to communicate alerts and important updates to customers via text messages, voice and video. The carry-on effect of a threat actor accessing customer data could be significant if Twilio’s customers are later compromised.

The threat actors deceived some Twilio employees into sharing Okta credentials and two-factor authentication codes with spoofed URLs containing “Twilio,” “Okta” and “SSO” for single sign-on. Those links directed employees to a landing page impersonating Twilio’s sign-in page.

The company said current and former employees reported receiving the text messages, which purported to be from its IT department and originated on U.S. carrier networks. 

Twilio said other organizations were subject to similar attacks and, despite a coordinated effort with network operators and hosting providers to stop the malicious messages and URLs, the threat actors resumed their attacks on other carriers and hosts.

“Based on these factors, we have reason to believe the threat actors are well organized, sophisticated and methodical in their actions,” Twilio said in a blog post.

The company asserted its use of modern and sophisticated threat detection and deterrence measures, which, Twilio said, makes the cyberattack notice especially painful. The threat actors behind the attacks have not yet been identified.

Twilio’s security team revoked access to compromised employee accounts after it discovered the attack, and the company said it’s notifying affected customers on an individual basis.

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Whalebone Ranks Third Straight Year Among Central Europe’s 50 Fastest-Growing Companies
From Whalebone
November 25, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Editors' picks
Latest in Cyberattacks
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.