A misconfigured S3 bucket that was hosting a Twilio JavaScript library allowed a threat actor to inject code that made Twilio users' browsers load an extraneous URL that has been associated with the Magecart group of attacks.

In a company blog, Twilio said this solely affected v1.20 of the TaskRouter JS SDK. The TaskRouter JS SDK operates as a library that lets customers easily interact with Twilio TaskRouter, which offers an attribute-based routing engine that routes tasks to agents or processes.

According to the blog, the modified version of the TaskRouter JS SDK was uploaded to the Twilio site at 1:12 p.m. Pacific time Sunday, July 19. The company received an alert about the file at 9:20 p.m. that same day. Within 15 minutes of becoming aware of the attack, its product and security teams moved to contain and remediate the incident. Roughly one hour after the initial alert, Twilio replaced the bad version of the library and locked down the permissions on the S3 bucket.
