Earlier this month, Twilio became a target of a sophisticated social-engineering phishing attack compromising the accounts of several Signal users. Now, the American company has reported that the hackers had also gained access to the accounts of its two-factor authentication (2FA) service Authy.
The company released an Incident Report stating that the hackers could have accessed the unauthorized data by registering additional devices to the user accounts. Since then, the compromised accounts have been identified, and the company has removed the additional devices from the targeted accounts.
According to Twilio’s report, the tech giant suffered a data breach on August 4, 2022. The alleged hackers sent phishing messages to the company’s employees, including current and ex-workers. The messages claimed the perpetrator was from Twilio’s IT department. The messages persuaded the users to change their passwords because they were expired.
The hackers then asked the employees to visit a phishing page, which looked identical to Twilio’s website, including all the fonts, backgrounds, and UI. It was reported that one individual fell for the attack, ultimately leading the hackers to gain control of Twilio’s internal systems.
According to sources, the security team found that 163 Twilio customers had been affected by the breach, out of which 93 Authy accounts were compromised by the Threat Actors. While browsing through the data, the hacker could access specific customers’ data, including details of Authy’s users. However, the amount of users’ data compromised was limited as the company quickly responded to the attack and stopped the unauthorized access to data on its network.
Our investigation has identified that the malicious actors gained access to the accounts of 93 individual Authy users – out of a total of approximately 75 million users – and registered additional devices to their accounts. We have since identified and removed unauthorized devices from these Authy accounts,” the report stated.
As of August 30, 2022, the additional devices were removed from the affected accounts, and the company notified the account owners. Twilio also shared best industry practices to protect Authy accounts via its blog. Authy is among the popular two-factor authentication applications and was acquired by Twilio in 2015.
This weekly roundup highlights top cybersecurity news: Hasbro attack, AI supply chain breaches, and rising ransomware threats worldwide.
PXA Stealer, deployed by Vietnam-linked actors, hijacks LinkedIn accounts and exfiltrates credentials, crypto wallets, and sensitive data worldwide.
The data security risks of foreign-developed mobile apps are not limited to what users see on the surface.
AVrecon spreads by scanning the internet for devices with exposed vulnerable services.
What stands out in this case is that even access involving politically exposed and high-profile individuals did not trigger alerts.
Hasbro cyberattack confirmed on March 28, taking systems offline and launching an investigation with third-party cybersecurity experts.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More