A cloud communications platform, Twilio, has publicized a security incident in which attackers were able to gain access to sensitive data due to a misconfigured Amazon AWS S3 bucket. According to researchers, the attackers were able to modify the TaskRouter JavaScript SDK, and the SDK path had been left publicly readable and writable since 2015.
Twilio boasts a customer list of 5 million developers and 150,000 companies, who take advantage of its tools to improve communications over voice, text, and video. Some of Twilio’s larger customers are Twitter, Spotify, Hulu, Lyft, Airbnb, Yelp, Uber, Netflix, and Shopify. Twilio worked to resolve the breach as soon as possible, however, the incident highlights the dangers of misconfigured S3 buckets and the risk they pose to companies’ customer data privacy.
Read More: Twilio Security Incident Shows Danger of Misconfigured S3 Buckets