University of Email by Pankaj Kumar

    Twilio customer data accessed as part of phishing

    By Pankaj Kumar | August 8, 2022 | Updated: April 10, 2023

    Unfortunately, there has been another data breach. This time it is Twilio, which has disclosed that attackers tricked an employee into sharing their credentials, allowing them to access information for a “limited number” of customers.

    A ‘sophisticated’ SMS phishing attack on Twilio employees allowed hackers to access some customer data. The company said it has been notifying affected customers individually. “If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack,” the company said.

    The company did not disclose how many customers were affected or what types of data may have been accessed. In an effort to stave off additional breaches, Twilio said it’s working with those companies. Among the actions they’re taking is asking mobile carriers to block “malicious messages” in the first place and asking hosts and registrars to shut down the URLs used to trick employees.

    Official Twilio Statement

    On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. This broad based attack against our employee base succeeded in fooling some employees into providing their credentials.

    The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data. We continue to notify and are working directly with customers who were affected by this incident. We are still early in our investigation, which is ongoing.

    More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls. The URLs used words including “Twilio,” “Okta,” and “SSO” to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page.

    The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.

    Sample SMS sent by hackers to Twilio employees.
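
The statement above says the lure URLs used the words “Twilio,” “Okta,” and “SSO”. As an added example (not part of the original article or of Twilio's statement), the Python code below flags hosts in message text that carry those keywords but do not sit under an allowlisted domain. The allowlist, the `.example` hosts and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords the statement says appeared in the lure URLs.
KEYWORDS = ("twilio", "okta", "sso")
# Assumption: domains this organization really uses for sign-in.
ALLOWED_DOMAINS = ("twilio.com", "okta.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def hostnames(text):
    """Return lower-cased hostnames of every http(s) URL found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        host = urlsplit(raw.rstrip(".,;:!?)")).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_allowed(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def matched_keywords(host):
    """Keywords present in the host; short ones must be a whole token."""
    tokens = set(re.split(r"[.\-]", host))
    return [k for k in KEYWORDS
            if k in tokens or (len(k) >= 5 and k in host)]

def flag_lures(text):
    """Return (host, keywords) for each non-allowlisted host that uses them."""
    findings = []
    for host in hostnames(text):
        hits = matched_keywords(host)
        if hits and not is_allowed(host):
            findings.append((host, hits))
    return findings

# Constructed sample messages; the .example domains are placeholders.
SAMPLES = [
    "Notice: your password has expired. Log in at https://twilio-sso.example/login",
    "Your schedule has changed, see https://okta.twilio.com.portal.example.",
    "Reminder: sign in via https://login.twilio.com/ before Friday",
    "Enroll in the lesson at https://lessons.example/course",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(flag_lures(msg), "<-", msg)
```

The second sample shows why the check compares the end of the hostname against the allowlist: a real domain placed as a prefix of an attacker-controlled host is still flagged, while a host such as `lessons.example` is not flagged merely for containing the letters “sso”.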

    Once the incident was confirmed, Twilio’s security teams revoked the compromised employees’ access to halt the attack. A leading forensics firm was engaged to aid Twilio’s ongoing investigation.

    However, the company has yet to discover who conducted the successful attack. The company further said it will perform an extensive post-mortem on the incident and begin “instituting betterments to address the root causes” of the compromise.

    University of Email has not independently confirmed this news; it is reported here based on our research.
    Pankaj Kumar is a senior professional with 10+ years of experience in CRM, Email Deliverability & Marketing Analytics, Deliverability Onboarding, Implementation, and Deliverability Automations. He has worked with a broad range of clients to provide strategic, data-driven guidance to increase email delivery, subscriber engagement and revenue. He also helps marketers through this blog in preparing strategies, data analytics, deliverability, and CRM, with a passion for helping email marketers exceed subscriber expectations. You may connect with him on LinkedIn at https://www.linkedin.com/in/kumarpankaj793/