San Francisco : US-based Cloud communications company Twilio has admitted data breach as hackers entered its internal systems after stealing employee credentials in an SMS phishing attack.
Twilio said it identified 125 customers who had their data accessed during a security breach.
“We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and we have notified all of them,” Twilio said in a statement.
Twilio, which owns popular two-factor authentication (2FA) Authy, said over the weekend that on August 4, it became aware of unauthorised access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.
Also Read Why did govt quietly ban VLC media player in India? “The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data,” it said in a statement.
According to Bleeping Computer, the SMS phishing messages “baited Twilio’s employees into clicking the embedded links by warning them that their passwords had expired or were scheduled to be changed”.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories