In a company blog, Twilio said this solely affected v1.20 of the TaskRouter JS SDK. The TaskRouter JS SDK operates as a library that lets customers easily interact with Twilio TaskRouter, which offers an attribute-based routing engine that routes tasks to agents or processes.
According to the blog, the modified version of the TaskRouter JS SDK was uploaded to the Twilio site at 1:12 p.m. Pacific time Sunday, July 19. The company received an alert about the file at 9:20 p.m. that same day. Within 15 minutes of becoming aware of the attack, its product and security teams moved to contain and remediate the incident. Roughly one hour after the initial alert, Twilio replaced the bad version of the library and locked down the permissions on the S3 bucket.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.