Twilio Hackers Breached Over 130 Organizations During Months-Long Hacking Spree

The hackers that breached Twilio earlier this month also compromised more than 130 other organizations during their hacking spree that netted the credentials of close to 10,000 employees. TechCrunch: Twilio's recent network intrusion allowed the hackers to access the data of 125 Twilio customers and companies -- including end-to-end encrypted messaging app Signal -- after tricking employees into handing over their corporate login credentials and two-factor codes from SMS phishing messages that purported to come from Twilio's IT department. At the time, TechCrunch learned of phishing pages impersonating other companies, including a U.S. internet company, an IT outsourcing company and a customer service provider, but the scale of the campaign remained unclear. Now, cybersecurity company Group-IB says the attack on Twilio was part of a wider campaign by the hacking group it's calling "0ktapus," a reference to how the hackers predominantly target organizations that use Okta as a single sign-on provider. Group-IB, which launched an investigation after one of its customers was targeted by a linked phishing attack, said in findings shared with TechCrunch that the vast majority of the targeted companies are headquartered in the U.S. or have U.S.-based staff. The attackers have stolen at least 9,931 user credentials since March, according to Group-IB's findings, with more than half containing captured multi-factor authentication codes used to access a company's network.

Read more of this story at Slashdot.