According to data provided by Twilio, hackers were able to obtain information from “a limited number” of customer accounts through a breach including data theft of employee credentials.
On August 4th, a hacker sent SMS messages to Twilio employees asking them to change their passwords or informing them of a change in their schedule. Each message contained a URL that contained phrases like “Twilio,” “SSO” (single sign-on), and “Okta,” the brand of user authentication service that is employed by numerous businesses. Employees who clicked on the link were taken to a fake Twilio sign-in page, where hackers were able to capture the data they entered.
When the breach was discovered, Twilio worked with US phone providers to shut down the SMS system and also requested that web hosting companies remove the fake sign-in sites. Twilio reports that hackers were still able to switch to different hosting companies and cell carriers in order to continue their assault.
Facebook and Uber are two of the more than 150,000 businesses that use Twilio.
Laurelle Remzi, an official for Twilio, declined to reveal how many customers were impacted or what data the hackers got. According to Twilio’s privacy stateme
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: