Dive Brief:
- Twilio keeps discovering more victims as it continues to investigate the downstream impacts of a sophisticated phishing attack earlier this month.
- The company, in a Wednesday update, said it identified 163 customers whose data was compromised. Twilio previously said the attack impacted 125 customers.
- Twilio said it made multiple internal security improvements following the attack. The company also maintains it has not observed any further instances of unauthorized access since Aug. 10, six days after multiple employees were duped into providing their credentials to threat actors behind the attack.
Dive Insight:
The phishing attack, which compromised Twilio’s widely used two-factor authentication service, was part of a much larger campaign, dubbed Oktapus by researchers, targeting 169 unique domains.
Threat actors behind Oktapus have compromised almost 10,000 user credentials across 136 organizations, according to Singapore-based cybersecurity provider Group-IB.
Threat actors quickly exploited these points of compromise to launch additional supply-chain attacks. Signal, a Twilio customer, said the phone numbers or verification codes of 1,900 users were revealed as a result of the Twilio breach.
Twilio last week said it identified another group of 93 victims on its Authy service, which allows users to manage multiple two-factor authentication accounts on a mobile app. Threat actors successfully registered additional devices to those 93 accounts; Twilio has since identified and removed those devices.
All of the victims have been notified and the investigation remains ongoing, according to Twilio.