
Authy also impacted by Twilio data breach

Twilio announced that 93 users of its Authy two-factor authentication service had their accounts compromised by the same sophisticated phishing attack that impacted the communication tools firm earlier this month, according to The Hacker News. The threat actors used their unauthorized access to register additional devices to the compromised Authy accounts, noted Twilio, which has since removed the illegitimately added devices. Moreover, Twilio said that the phishing attack has now affected 163 customers, up from the 125 first reported by the company on Aug. 10. Group-IB has reported that Twilio and more than 130 other companies were hit by the widespread attack dubbed "0ktapus," which involved distributing a phishing kit through fraudulent Okta authentication pages and resulted in the theft of 9,931 user credentials and 5,441 multi-factor authentication codes. Okta said that the attackers used Twilio's administrative console to expand their access. "The threat actor used credentials (usernames and passwords) previously stolen in phishing campaigns to trigger SMS-based MFA challenges, and used access to Twilio systems to search for one-time passwords sent in those challenges," said Okta.
