San Francisco: US-based Cloud communications firm Twilio has admitted information breach as hackers entered its inside techniques after stealing worker credentials in an SMS phishing assault.
Twilio mentioned it recognized 125 clients who had their information accessed throughout a safety breach.
“We’ve got recognized roughly 125 Twilio clients whose information was accessed by malicious actors for a restricted time frame, and now we have notified all of them,” Twilio mentioned in an announcement.
Twilio, which owns in style two-factor authentication (2FA) Authy, mentioned over the weekend that on August 4, it turned conscious of unauthorised entry to data associated to a restricted variety of Twilio buyer accounts by means of a classy social engineering assault designed to steal worker credentials.
“The attackers then used the stolen credentials to realize entry to a few of our inside techniques, the place they have been capable of entry sure buyer information,” it mentioned in an announcement.
In keeping with Bleeping Laptop, the SMS phishing messages “baited Twilio’s workers into clicking the embedded hyperlinks by warning them that their passwords had expired or have been scheduled to be modified”.
Twilio later revoked the compromised worker credentials to dam the attackers’ entry to its techniques.
The corporate additionally requested a number of US cell carriers to close down the accounts used to ship the phishing messages, the report talked about.