Only few customers were affected by the recent breach, Twilio confirmed
Image courtesy:TechCrunch
On Friday, Twilio claims that it has identified 125 customers who had their data accessed during a security breach discovered last week.
The company further adds that the hackers behind the incident were not able to gain access to the affected clients’ authentication information.
Twilio reveals in an update to the original disclosure that they have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and they have notified all of them.
It further said that there is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization.
The hackers gained access to Twilio’s network using credentials that belonged to multiple employees, stolen in an SMS phishing attack.
After finding the intrusion, Twilio revoked the compromised employee credentials to block the attackers’ access to its systems and started notifying affected customers, Bleeping Computer reports.
The company had also asked several U.S. mobile carriers to shut down the accounts that were used to deliver the phishing messages, but the hackers switched to new accounts and resumed their attacks.
