On Wednesday, Hackers that recently breached the Twilio systems also targeted Cloudflare and a few web security company’s employees had fallen for the Phishing messages.
On August 4, Twilio revealed over the weekend that it became aware of unauthorized access to some of its systems.
An investigation shows that the hackers tricked some of its employees into providing their credentials, which they then used to access internal systems and obtain customer data.
Phishing text messages were sent to Twilio employees by the hacker to trick them into entering their credentials on a malicious website.
The messages informed recipients of expired passwords and schedule changes and pointed to domains that had the words ‘Twilio’, ‘Okta’, and ‘SSO’.
The enterprise communications firms observed that the hacker, which it described as well organized and sophisticated, appeared to have sophisticated abilities to match employee names from sources with their phone numbers, reports Security Week.
On Tuesday, Cloudflare reveals that their employees also received similar text messages, on July 20. The company said that more than 100 SMS messages were sent to its employees and their families, pointing them to websites hosted on domains that seemed to belong to Cloudflare.
