Messaging, call centre, and two-factor authentication provider Twilio, has confirmed today a breach of its network through what it calls a "sophisticated attack" which resulted in access to a "limited number" of customer accounts as a result of some employees falling for a social engineering attack.
It has yet to confirm exactly how many customer accounts have been accessed as a result of the breach, but the investigation is still ongoing. Twilio said that it first became aware of the attack on August 4, 2022, and it is continuing to notify and work with customers who have been affected by the incident.
The attack itself was a phishing attack which sent text messages to current, and former employees posing as Twilio"s IT department, suggesting that their password had expired, or that their schedule had changed, with a link to take action provided. And Twilio confirmed that other companies had been affected by the same type of attack and that it has been working with them to shut this down with US carriers.
The attackers continued after this action regardless, rotating through other US carriers and hosting providers to continue targeting Twilio employees. It has yet to identify the specific culprit behind the attack but it is working with law enforcement to determine this.
Twilio stresses in its blog post that "If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack".