Threat Watch

Twilio Discloses Data Breach

Cloud communications company Twilio released a statement outlining an attack against their employees via SMS phishing, where the attackers pretended to be Twilio’s IT department. The attackers asked employees to click on a link via a text message, warning them that their password had expired. Employees believed they were resetting their password when they followed the link, but it allowed the threat actor to steal passwords instead. The attacker then used the stolen credentials to access a small amount of customer data. The compromised accounts have been suspended and customers have been notified.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Proper security training is paramount to teach employees how to spot targeted phishing attempts. IT and security departments within organizations should outline to employees how legitimate communications will be conducted. Most organizations will not use text messages for communication. If a text is received that is believed to be fraudulent, it is always a best practice to follow up via email or phone call with the intended party to verify.

https://www.bleepingcomputer.com/news/security/twilio-discloses-data-breach-after-sms-phishing-attack-on-employees/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support