Hackers accessed Twilio’s customer support and exploited around 1,900 phone numbers belonging to users of the secure messaging app Signal. Twilio confirmed the breach, adding that accounts of its customers and employees were compromised, including 1,900 Signal users.
The company became aware of the unauthorized access on August 4, 2022. The attack used phishing links designed to steal login credentials, and the hackers used the stolen credentials to access internal systems.
The hackers carried out their heist by sending text messages in which they posed as the company’s IT department staff. The messages said that the employee’s password had expired or that their schedule had changed. The hackers took control when the employee logged in using their details.
Because the URLs sent by the hackers were disguised using the company’s name, the users felt secure in opening them. Some of the words in the URLs were “Twilio”, “Okta”, and “SSO”. The links led to a fake Twilio sign-in page. The fraudulent message sent to unsuspecting users read, “Notice! (User) login has expired. Please tap Twilio-sso.com to update your password!”
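The lure pattern described above can be screened for on the defensive side. The following is an added example, not code from Twilio or Signal: it flags hosts in a message that contain the brand words the article lists but do not belong to an allowlisted domain. The allowlist, the function names and every sample message except the quoted lure are assumptions.

```python
import re

# Words the article says appeared in the phishing URLs.
BRAND_KEYWORDS = ("twilio", "okta", "sso")
# Assumed allowlist of the organisation's real registrable domains.
LEGIT_DOMAINS = {"twilio.com", "okta.com"}

# Matches bare hostnames as well as full URLs, since the lure carried no scheme.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def suspicious_hosts(message):
    """Return (host, matched_keywords) for brand-named hosts outside the allowlist."""
    hits = []
    for match in URL_RE.finditer(message):
        host = match.group(1).lower()
        if registrable(host) in LEGIT_DOMAINS:
            continue  # genuine domain or one of its subdomains
        matched = [k for k in BRAND_KEYWORDS if k in host]
        if matched:
            hits.append((host, matched))
    return hits


# Lure text as quoted in the article; the remaining messages are constructed samples.
ARTICLE_SMS = ("Notice! (User) login has expired. "
               "Please tap Twilio-sso.com to update your password!")
SAMPLES = [
    ARTICLE_SMS,
    "Reset at https://login.twilio.com/reset",          # real domain: ignored
    "Go to twilio.com.sso-login.example/login",         # brand used as a subdomain
    "Schedule changed: calendar.corp.example",          # no brand words: ignored
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(suspicious_hosts(sms), "<-", sms)
```

Comparing the registrable domain, rather than searching for the brand name anywhere in the host, is what separates `login.twilio.com` from a host that merely starts with `twilio.com.`.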
Addressing the issue, Twilio wrote on its blog, “Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions.” The post further assured users, saying, “We have reemphasized our security training to ensure employees are on high alert for social engineering attacks and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago.”
Message history, profile info, contact lists, & other data were NOT & could not be accessed. The information attackers accessed could allow them to attempt to register a Signal user’s phone number on a new device if that user had not enabled registration lock. 2/
— Signal (@signalapp) August 15, 2022
In a follow-up update posted on August 10, Twilio’s blog reported that the company had identified nearly 125 Twilio customers whose accounts were accessed by the hackers, adding that all of those users had been notified about the breach. Meanwhile, Signal assured its users that the incident had not affected their message history, contact lists, or profile information such as block history.
According to reports, the attack, which was carried out using U.S. carrier networks, was stopped by Signal. The hackers’ access to Twilio’s systems has thus been successfully curbed.