• World CyberCon India
Data Breaches Firewall Daily

Twilio Phishing Attack: 1900 Signal Accounts Compromised

The hackers carried out their heist by sending texts representing themselves as the company’s IT department staff.

Twilio Phishing Attack: 1900 Signal Accounts Compromised
  • PublishedAugust 16, 2022

Hackers accessed Twilio’s customer support and exploited around 1,900 phone numbers belonging to the users of the secure messaging app Signal. Twilio confirmed the hacking adding that the account of their customers and employees were compromised, including 1900 Signal users.

The company became aware of the unauthorized access on August 4, 2022. The attack was made using phishing links designed to steal login credentials, and the hackers accessed the internal systems with the help of stolen login credentials.

The hackers carried out their heist by sending texts representing themselves as the company’s IT department staff. The messages said that the employee’s passwords had expired or suggested that their schedule had changed. The hackers took control when the employee logged in using their details.

Since the URLs sent by the hackers were disguised using the company’s name, the users felt secure in opening them. Some of the words in the URLs were “Twilio”, “Okta”, and “SSO”. The links led to fake Twilio’s sign-in page. The fraudulent message sent to unsuspecting users read, “Notice! (User) login has expired. Please tap Twilio-sso.com to update your password!”

Addressing the issue, Twilio wrote on their blog, “Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions.” The post further assured the users and said, “We have reemphasized our security training to ensure employees are on high alert for social engineering attacks and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago.”

In the following update posted on August 10, the blog reported that they had identified nearly 125 Twilio customers whose accounts were accessed by the hackers, adding that all those users were notified about the breach. Meanwhile, Signal assured its users that the incident had not affected their message history, contact lists, and information from profiles like block history.

According to reports, the attack, which was carried out using U.S. carrier networks, was stopped by Signal. The hacker’s access to the systems of Twilio has thus been successfully curbed.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.


Comments are closed.