According to Twilio, hackers were able to obtain information from "a limited number" of customer accounts through a breach that involved the theft of employee credentials.
On August 4th, a hacker sent SMS messages to Twilio employees asking them to change their passwords or informing them of a change in their schedule. Each message contained a URL that included words like "Twilio," "SSO" (single sign-on), and "Okta," the user authentication service employed by numerous businesses. Employees who clicked on the link were taken to a fake Twilio sign-in page, where hackers were able to capture the data they entered.
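
A defender's check for the lure pattern described above, as an added example that is not from Twilio or the original article: it extracts URLs from message text and flags hosts that use the brand keywords but fall outside an allowlist. The allowlist entries, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords the article says appeared in the lure URLs.
BRAND_KEYWORDS = ("twilio", "sso", "okta")
# Assumption: domains the organisation treats as its real sign-in hosts.
ALLOWED_DOMAINS = ("twilio.com", "okta.com")
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Constructed sample messages (reserved .example domains, not real indicators).
SAMPLE_SMS = [
    "Notice: your password has expired. Update it at https://twilio-sso.example/login",
    "Your schedule has changed. View: http://okta-twilio.example.",
    "Reminder: sign in at https://www.twilio.com/login to review your account.",
    "Lesson plan posted at https://lesson-notes.example/",
]

def is_allowed(host):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def brand_hits(host):
    """Brand keywords found in the hostname parts (split on '.' and '-')."""
    hits = set()
    for part in re.split(r"[.\-]", host):
        for kw in BRAND_KEYWORDS:
            # Short keywords such as "sso" must be a whole part, otherwise
            # "lesson" would match; longer ones also match as substrings.
            if part == kw or (len(kw) > 3 and kw in part):
                hits.add(kw)
    return sorted(hits)

def flag_message(text):
    """Return [(url, host, keywords)] for brand-keyword URLs on unlisted hosts."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the URL
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
            continue
        if host and not is_allowed(host) and brand_hits(host):
            findings.append((url, host, brand_hits(host)))
    return findings

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(flag_message(sms) or "clean", "<-", sms)
```

The suffix comparison in `is_allowed` is what keeps a host such as `twilio.com.sso-login.example` from passing as legitimate just because it begins with an allowed name.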
When the breach was discovered, Twilio worked with US phone providers to shut down the SMS system and also requested that web hosting companies remove the fake sign-in sites. Twilio reports that hackers were still able to switch to different hosting companies and cell carriers in order to continue their assault.
Facebook and Uber are two of the more than 150,000 businesses that use Twilio.
Laurelle Remzi, an official for Twilio, declined to reveal how many customers were impacted or what data the hackers obtained. According to Twilio's privacy statement, the data it gathers includes addresses, payment information, IP addresses, and, in certain situations, identification documentation.
According to Twilio, a dominant player in the enterprise communication API market with 26 offices across 17 countries, the hackers are skilled enough to switch between telco carriers and hosting providers using social engineering lures. Twilio classified the situation as ongoing.
The company didn't specify whether the social engineering attacks were successful or whether any MFA (multi-factor authentication) hurdles were encountered by the attacker.
According to Twilio, its security team has terminated access to the hacked employee accounts in order to reduce the effect of the attack and has engaged a third-party forensics company to assist in the investigation.