Twilio Breach - August 4, 2022

Twilio is a company based out of San Francisco, California. They provide communication technology, including text messages, emails, phone calls, and more.

What Was the Breach?

The breach was a phishing attack designed to look like it was from the Twilio IT department. The hackers said the right things in the wrong places, thus gaining access to such a widely used platform.

How Did the Breach Occur?

The breach occurred through a phishing campaign that convinced Twilio employees to give personal information and data to hackers. They used SMS messages to send a link to a site that looked like the Twilio sign-in page, then used the collected information to access the database.

When Did This Breach Occur?

This breach occurred on August 4th, 2022.

Who Does the Breach Impact?

On August 10th, Twilio updated its blog, saying, “We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited time, and we have notified all of them." Only having 125 out of over 275,000 accounts accessed seems merciful for the company. Twilio also assured users that "there is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization."

How Many Files Does the Breach Affect?

Twilio initially refused to comment on how many customers were affected by the breach but instead listed all information that may have been accessed in the hack, which includes names, addresses, IP addresses, and the occasional proof of identification. This information hasn't been released to the public, which is a relief to Twilio customers. Read more at Phishing Messages Tricked Twilio Employees Into Divulging Sensitive Credentials.