Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Aug 09, 2022
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical in their actions." The incident came to light on August 4. "This broad based attack against our employee base succeeded in fooling some employees into providing their credentials," it said in a notice. "The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data." The communications giant has 268,000 active customer accounts , and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter,