Enterprise communication company Twilio has confirmed a second data breach, a June 2022 security incident in which the same threat actors behind the August hack stole customers’ information. The company said that the threat actor used social engineering, in a voice phishing attack, to trick an employee into handing over their credentials.
Second Data Breach – A Brief Security Incident
Twilio said that the second data breach, which happened in June, was a brief security incident carried out by the same “0ktapus” hackers who targeted customers’ data in August. The messaging firm said that the threat actor’s access was identified and eradicated within 12 hours. 0ktapus has targeted at least 130 organizations, including MailChimp, Klaviyo, and Cloudflare. Cloudflare also reported a similar SMS phishing attack, but the hacker could not breach its systems because the company blocked the login attempts.
The hacker impersonated the company’s IT department on a phone call and tricked the employee into handing over sensitive information. In this case, the employee provided their corporate credentials, enabling the attacker to access the contact information for a limited number of customers. The company has declined to comment on the number of customers affected by the hack. Twilio said that as a result of the June and August hacks, the company has reset the credentials of the compromised employee user accounts and is distributing FIDO2 tokens to all employees.
The August Hack
Twilio confirmed that in August’s attack, the threat actor used login credentials obtained through the smishing attack to breach internal non-production systems and endpoints. The company also shared that the hacker ended up accessing the data of 209 customers. An official statement reads, “209 customers – out of a total customer base of over 270,000 – and 93 Authy end users – out of approximately 75 million total users – had accounts that were impacted by the incident.”