Breaking

Another Twilio data breach has been identified affecting 209 customers

The customer engagement company identified and disclosed another Twilio Data Breach incident in June 2022 orchestrated by the same threat actors behind the August which resulted in unauthorized access of customer data.

This cybersecurity incident occurred on June 29, 2022 said in a their recent security advisory shared this week.

“In the June Twilio Data Breach incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” said Twilio.

The company didn’t disclose the exact number of customers impacted by this security incident, and why the disclosure was made four months since the event occurred. Around 209 customers, up from 163 it reported on August 24th and 93 Authy users.

More about the Twilio Data Breach incident

Twilio is a personalized customer engagement software with around 270,000 customers and the 2FA service has approximately 75 million total users.

“The last observed unauthorized activity in our environment was on August 9, 2022,” it said, adding, “There is no evidence that the malicious actors accessed Twilio customers’ console account credentials, authentication tokens, or API keys.”

To avoid such incidents in the future, the firm has distributed FIDO2-compliant hardware security keys to all employees, with an extra layer of control within its VPN, and mandatory security training for employees to enhance the awareness of social engineering attacks.

The Twilio Data Breach attacks has been claimed by Group-IB and Okta under the names Oktapus and Scatter Swine. The attackers sent rogue messages and called employee phones numbers to trick them into clicking fake links and extorting credentials for further exploitation.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

1 day ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago