Twilio has suffered a data breach and the attackers “used the stolen credentials to gain access to some of our internal systems”.
Twilio is a messaging platform with a nice API. I used it last year to set up an Eliza-like SMS auto-responder to amuse my daughter while traveling. With simple code, you can set up automated or responsive SMS (and other messaging platform) texting.
If this platform was subverted, the spamming potential for attackers is obvious.
I’m reminded of a few LowEndTalk war stories over the years from people who rent Mac (macOS) cheap VPS systems. The main problem? People sign up and start blasting out iMessage spam.
The attack was a “sophisticated” social engineering hack in which employees received messages allegedly originating from Twilio IT, which then allowed the attackers to steal employee credentials.
More specifically, current and former employees recently reported receiving text messages purporting to be from our IT department. Typical text bodies suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls. The URLs used words including “Twilio,” “Okta,” and “SSO” to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page. The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.
I’m guessing these “sophisticated abilities” were achieved by LinkedIn and Google.
Sounds like someone worked up a comprehensive attack on Twilio and it worked. The writeup has info and screenshots.
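The lure Twilio describes (SMS bodies pointing at URLs whose hostnames carry “Twilio,” “Okta,” or “SSO” but sit on domains the company does not own) is easy to triage mechanically. The following is an added example written for this post, not code from Twilio or from the original article; the allowlist of legitimate sign-in domains and the sample SMS bodies are constructed assumptions, and the registrable-domain helper is deliberately naive (two labels, no public-suffix list).

```python
import re
from urllib.parse import urlparse

# Brand keywords Twilio reported seeing in the phishing URLs.
BRAND_KEYWORDS = ("twilio", "okta", "sso")

# Assumed allowlist of domains that legitimately host sign-in pages
# (hypothetical; a real deployment uses the organisation's own inventory).
LEGIT_DOMAINS = {"twilio.com", "okta.com"}

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def registrable_domain(host):
    """Naive last-two-labels domain; fine for .com-style names used here."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_url(url):
    """'legit' if the domain is allowlisted, 'lookalike:<kw,...>' if an
    unallowlisted URL borrows brand keywords, else 'unknown'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legit"
    path = parsed.path.lower()
    hits = [k for k in BRAND_KEYWORDS if k in host or k in path]
    return "lookalike:" + ",".join(hits) if hits else "unknown"


def triage_messages(messages):
    """Return (message, url, verdict) for every URL found in each SMS body."""
    findings = []
    for msg in messages:
        for url in URL_RE.findall(msg):
            findings.append((msg, url, classify_url(url)))
    return findings


# Constructed sample SMS bodies modelled on the lures Twilio described.
SAMPLE_SMS = [
    "IT: Your password has expired. Reset it at https://twilio-sso.example.net/login",
    "Schedule change posted, review it at https://okta-login.example.org/twilio",
    "Reminder: team lunch Friday, details at https://intranet.twilio.com/events",
]

if __name__ == "__main__":
    for msg, url, verdict in triage_messages(SAMPLE_SMS):
        print(f"{verdict:22} {url}")
```

Keyword matching on its own is a triage signal, not proof; pairing it with an allowlist of the IdP and SSO hostnames the organisation actually uses is what turns it into a useful alert.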