Researchers have identified a smishing attack that resulted in a data breach at communications API developer Twilio. As a consequence, an unknown number of customer accounts were accessed by hackers. Current and former Twilio employees were reportedly targeted by SMS-based phishing messages that appeared to come from the firm’s own IT department. Due to the convincing nature of the attack, the threat actors were able to trick some employees into handing over their credentials. The credentials were then used by the malicious actors to hijack internal accounts, access systems, and view customer data.
In the smishing attack, the threat actor used lures such as claims that passwords had expired and needed to be reset. The URLs in the messages contained words such as Twilio, SSO, and Okta to trick users into clicking on them. The attackers also created a landing page that resembled Twilio’s legitimate sign-in page, according to researchers. Twilio stated that other companies had been attacked in the same way recently. It is unclear what the motivations behind the attack were, and Twilio has not confirmed how many customers were affected or what data was impacted.
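A defender can screen reported SMS text or proxy logs for the pattern described above: links that carry the brand and sign-in keywords but do not resolve to a domain the organisation actually uses. The sketch below is an added example, not code from Twilio or the researchers; the allowlist, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords the article says appeared in the lure URLs.
LURE_KEYWORDS = ("twilio", "sso", "okta")
# Assumption: the organisation's genuine sign-in domains; replace with your own.
ALLOWED_DOMAINS = {"twilio.com", "okta.com"}

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def is_allowed(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def find_suspicious_urls(message):
    """Return (host, matched_keywords) for each off-allowlist link with lure words."""
    hits = []
    for raw in URL_RE.findall(message):
        parts = urlsplit(raw.rstrip(".,;:)!?"))  # drop sentence punctuation
        host = (parts.hostname or "").lower()
        if not host or is_allowed(host):
            continue
        # netloc keeps any userinfo, so "brand.com@other-host" is still caught.
        haystack = parts.netloc.lower() + parts.path.lower()
        matched = [k for k in LURE_KEYWORDS if k in haystack]
        if matched:
            hits.append((host, matched))
    return hits


# Constructed sample messages (the .example TLD is reserved and never resolves).
SAMPLES = [
    "Notice: your password has expired. Reset at https://twilio-sso.example/reset.",
    "Sign in at https://sso.twilio.com/login to continue",
    "Your password has expired, log in: https://twilio.com.okta-login.example/",
    "Lunch at noon? https://maps.example/place",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(find_suspicious_urls(msg) or "clean", "<-", msg)
```

The third sample shows why the allowlist check compares the end of the hostname: a host that merely starts with a legitimate domain is still flagged.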