Modern life is much more comfortable to live in! Special thanks to various digital devices and the internet that has enabled the same. Everything regarded as ‘good’ is set to have certain negative counterparts associated with it, and the modern digital world is no different. Although the internet has improved our lives today, it has also presented a significant challenge to data security.
With the continuous advances in the cyber world, cyber-attacks are too ubiquitous. Contrary to the same, we have learned how Twilio, a cloud communications company, saw a new data breach, which marks its second hit, this year. It has been stated that the second breach is led by the same ‘Oktapus’ hackers who were responsible for hacking the August incident.
Talking broadly about its ‘Brief security incident’, which was also affected by the same set of attackers, just like the latest breach through Voice Phishing. Voice phishing is the most common tactic, which is used by a hacker to make fraudulent phone calls impersonating a way directly into the IT department of the company. The same incident took place back on 29th June’22. Concerning this, unknowingly, one of Twilio’s employees handed over the essential credentials, which led the hacker to access the affected customers’ entire data including their contact information and more details.
According to Twilio, "The threat actor's access was identified and eradicated within 12 hours”. Going back to the essence of the last breach, customers whose information was impacted in June were notified as soon as on 2nd July.
With the information collected, top-authorized organizations went forward with plenty of unanswered questions to Twilio, such as the number of impacted people. For the same, Laurelle Remzi (the spokesperson of Twilio) declined to answer and provide the exact number of customers affected by the June breach. Not just this, she refused to give a copy of the notification that the business claims to have delivered to individuals affected by the breach. Remzi also declined to comment on Twilio's tardy disclosure of the issue.
We have come to know that Twilio has mentioned that there were nearly 209 customers, as per the report of the August breach. Twilio has not named any single customer affected, but the app has helped users know about their data breach via the notifications sent to them from the company.
Back in 2015, Twilio acquired a two-factor authentication app Authy, which was also compromised by the attackers, affecting the accounts of nearly 93 Authy users.
According to Twilio, there is no such evidence about the malicious actors who have accessed the customer’s data or their accounts, including APIs and credentials.
To target more companies, the attackers also tried to attack Cloudfare’s digital infrastructure, but it resulted in numerous failed attempts. According to Cloudflare, their attempts failed due to phishing-resistant hardware security keys.
Next Step Ahead For Better Security
To break down the efficacy and mitigate such attacks in future, Twilio has come up with the big next step ahead. This would mark an announcement of an upcoming rollout where hardware security keys will be given to all employees. Although the launch date has yet to be disclosed, the company plans to stay ahead in the game with an additional implementation to the layers of control within its VPN, removal of certain functionalities and setting the right limitations within admin tooling. This will not just improve security but shall also refresh the frequency of tokens to be required for Okta-integrated applications ahead.
Established in 2008, Twilio is a cloud communications company for a new era. The company moves ahead with only one notion: to empower the most engaging interaction and build personalised customer interactions. The platform combines flexible APIs for different digital channels with its first-party customer data and an innate global infrastructure to support and upscale. Get introduced to simple tools to resolve complex problems, delivered as a developer-first cloud platform with global reach and no shenanigans pricing.