Twilio has suffered a data breach and the attackers “used the stolen credentials to gain access to some of our internal systems”.
Twilio is a messaging platform with a nice API. I used it last year to setup an Eliza-like SMS auto-responder to amuse my daughter while traveling. With simple code, you can setup automated or responsive SMS (and other messaging platform) texting.
Obviously, if this platform was subverted, the spamming potential for attackers is obvious.
I’m reminded of a few LowEndTalk war stories over the years from people who rent Mac (macOS) cheap VPS systems. The main problem? People sign up and start blasting out iMessage spam.
The attack was a “sophisticated” social engineering hack where employees received messages allegedly originating from Twilio IT when then allowed stealing employee credentials.
More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls. The URLs used words including “Twilio,” “Okta,” and “SSO” to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page. The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.
I’m guessing these “sophisticated abilities” were achieved by LinkedIn and Google.
Sounds like someone worked up a comprehensive attack on Twilio and it worked. The writeup has info and screenshots.
Related Posts:
- MetWeb has a 30% Off Deal on Cheap VPS Offers in Utah for Our Readers! - December 21, 2024
- Is Your Soul as Dark as a Christmas Stocking’s Coal?Make Your Online World Match - December 20, 2024
- Hosteroid has a HOT, Limited Stock Offer in Vienna or Amsterdam! - December 19, 2024
Leave a Reply