Twilio Suffers Massive Data Breach

Twilio, a communications API developer, suffered a breach following an SMS-based phishing attack. The secure messaging app Signal, two-factor authentication app Authy, and authentication firm Okta are all Twilio customers that were secondary victims of the breach. The company’s employees were directly targeted by a phishing attack disguised to look like it came from Twilio’s IT department.
The attack was designed to trick employees into providing their employee credentials. The stolen credentials were then used to gain access to Twilio’s internal systems, allowing the attackers to access customer data.
Twilio disclosed that they were breached after multiple employees fell for an SMS phishing attack that allowed threat actors to access internal systems. Using this access, the threat actors could access the data of 163 Twilio customers and use that data in further supply-chain attacks.
Twilio provides application programming interfaces through which companies can automate call and texting services. This could mean a system a barber uses to remind customers about haircuts and have them text back “Confirm” or “Cancel.” But it can also be the platform through which organizations manage their two-factor authentication text messaging systems for sending one-time authentication codes.
"To date, our investigation has identified 163 Twilio customers - out of a total customer base of over 270,000 - whose data was accessed without authorization for a limited period of time, and we have notified all of them," explains an updated Twilio security advisory.
Twilio explained that the URLs “used words including ‘Twilio,’ ‘Okta’, and ‘SSO’ to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page” and that “the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers”. According to Twilio, other companies suffered similar attacks around the same time, although these companies were not named.
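The URL pattern Twilio describes lends itself to a simple triage check on links found in reported SMS messages. The following is an added example, not code from Twilio or from this article: the allow-list, the `.example` domains and the sample message are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Words Twilio reported seeing in the phishing URLs.
BRAND_KEYWORDS = ("twilio", "okta")  # matched anywhere inside a host label
TOKEN_KEYWORDS = ("sso",)            # matched only as a whole label or hyphen part
# Assumption: hosts the organisation really uses for sign-in (constructed list).
ALLOWED_SUFFIXES = ("twilio.com", "okta.com")

# SMS lures often omit the scheme, so it is optional here.
URL_RE = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


def hostname(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the first part as the host
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_allowed(host):
    # Exact match or true subdomain; "twilio.com.evil.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def lure_keywords(url):
    """Lure keywords in the hostname of a URL that is not on the allow-list."""
    host = hostname(url)
    if not host or is_allowed(host):
        return []
    tokens = re.split(r"[.-]", host)
    hits = [k for k in BRAND_KEYWORDS if any(k in t for t in tokens)]
    # Whole-token match keeps "sso" from firing on words such as "lesson".
    hits += [k for k in TOKEN_KEYWORDS if k in tokens]
    return hits


def scan_message(text):
    """Map each suspicious hostname in a message to the keywords it uses."""
    findings = {}
    for match in URL_RE.finditer(text):
        hits = lure_keywords(match.group(0))
        if hits:
            findings[hostname(match.group(0))] = hits
    return findings


# Constructed sample message, not taken from the incident.
SAMPLE_SMS = ("Your schedule changed, log in at twilio-sso.example/login "
              "or see https://www.twilio.com/docs")
```

A hit is a reason to review the message, not proof of phishing; the check only looks at hostnames and will miss lures that put the brand name in the path.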
More recently, food delivery firm DoorDash disclosed a new data breach tied to the Twilio hackers. The breach exposed customer and employee data and is linked to the recent cyberattack on Twilio.
DoorDash says that a threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.
DoorDash recently detected unusual and suspicious activity from a third-party vendor's computer network. In response, we swiftly disabled the vendor's access to our system and contained the incident. The hacker used this access to DoorDash's internal tools to access data for both consumers and employees.
The exposed information includes the names, email addresses, delivery addresses, and phone numbers of consumers. In addition, for a small subset of customers, the hackers accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.
While DoorDash does not mention the name of the third-party vendor, the food delivery company told TechCrunch that the breach is linked to the same threat actors who recently attacked Twilio.