Same Hackers are suspected behind the August and June security breaches.
After the August hack resulted in unauthorized access of customer information, Communication services provider Twilio, this week disclosed that they had experienced a “brief security incident” in June 2022 , Twilio stated that the breach was perpetrated by the same threat actor behind the August hack.
The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in.
“In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” Twilio said.
The San Francisco-based firm did not reveal the exact number of customers impacted by the June incident, and why the disclosure was made four months after it took place. Details of the second breach come as Twilio noted the threat actors accessed the data of 209 customers, up from 163 it reported on August 24, and 93 Authy users.
Twilio, which offers personalized customer engagement software, has over 270,000 customers, while its Authy two-factor authentication service has approximately 75 million total users.
Twilio stated that the last observed unauthorized activity in their environment was observed on August 9, 2022. They further exclaimed that there was no evidence of the malicious actors accessing Twilio customers’ console account credentials, authentication tokens, or API keys.
To mitigate such attacks in the future, Twilio said it’s distributing FIDO2-compliant hardware security keys to all employees, implementing additional layers of control within its VPN, and conducting mandatory security training for employees to improve awareness about social engineering attacks.