Cybercriminals accessed Twilio’s customer data by phishing employees. The organization confirmed the cyberattack in a blog post.
Twilio develops communications and security software. The organization serves more than 150,000 customers, including Facebook and Uber. In a recent blog post, Twilio reveals that cybercriminals gained access to the data of “a limited number” of customers.
The cybercriminals broke in with employees’ login credentials. The credentials were stolen through phishing. Employees recently received text messages from senders posing as Twilio’s IT staff. The messages claimed that employees’ passwords had expired. Employees were asked to log in to a malicious website. The cybercriminals recorded the login credentials and accessed internal systems.
Twilio did not confirm whether the cybercriminals stole customer data. The identity of the attackers is unknown. Twilio is cooperating with carriers and providers to take down the messages and websites. The attackers stay online by rotating through carriers and providers. “Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions”, Twilio explains.
Twilio disabled the stolen accounts after discovering the attack. Customers were informed and the investigation is ongoing. Twilio only contacts customers whose data is suspected of having been accessed. “If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack”, Twilio told customers.
The organization apologizes for the incident. Twilio promises an update as soon as researchers know more. In the meantime, employees are being warned, through security training, about social engineering attacks.