Twilio Hacked by Phishing Campaign Targeting Internet Companies

by
msmash
from Slashdot on (#629AM)
Communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. From a report: The San Francisco-based company, which allows users to build voice and SMS capabilities -- such as two-factor authentication (2FA) -- into applications, said in a blog post published Monday that it became aware that someone gained "unauthorized access" to information related to some Twilio customer accounts on August 4. Twilio has more than 150,000 customers, including Facebook and Uber. According to the company, the as-yet-unidentified threat actor convinced multiple Twilio employees into handing over their credentials, which allowed access to the company's internal systems. The attack used SMS phishing messages that purported to come from Twilio's IT department, suggesting that the employees' password had expired or that their schedule had changed, and advised the target to log in using a spoofed web address that the attacker controls.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments