Twilio discovers data breach, 125 customers affected

Twilio, a major provider of cloud communications services, uncovered a security breach last week that affected 125 of its customers, whose data was briefly accessed by malicious actors, BleepingComputer reported. The company, which also owns the two-factor authentication (2FA) provider Authy, confirmed that the perpetrators of this incident were unsuccessful in obtaining the authentication data of the clients involved. "There is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization," Twilio said in a statement. Using employee login information that was acquired via an SMS phishing attack, the actors were able to enter Twilio's network. The company started contacting impacted customers as soon as it became aware of the hack and revoked the compromised employee credentials to deny the attackers access to its systems. It has also requested several US cell carriers to deactivate the accounts used to send the phishing messages and coordinated with those of other tech firms that had also been the target of comparable attacks.