Within 12 hours another data breach was stopped following the discovery by Twilio security team that started even before the August hack!

Continue reading
Twilio announced yet another new data breach coming from a June 2022 security issue in which the same attackers were responsible for the August 2022 hack obtaining access to user data.
On June 29, Twilio reported a _"brief security issue."_ In a voice phishing attack, the attacker employed social engineering to deceive workers into divulging their credentials.
The compromised credentials were then used to access contact information for a restricted number of consumers.
_"Within twelve hours, the threat actor's access was discovered and revoked. On July 2, 2022, customers whose information was compromised by the June Incident were alerted, "_ the company said on Thursday.
Twilio revealed that the attackers responsible for the August breach accessed the data of 209 customers & 93 Authy end users after gaining access to several internal non-production systems using staff credentials taken in an SMS phishing attack.
209 clients, out of a total customer base of over 270,000, and 93 Authy end users, out of an estimated 75 million users, had accounts affected by the incident, according to Twilio.
Twilio discovered no indication that any of its customers' console account credentials, API keys, or authentication tokens were also obtained during the incident investigation.
Although the corporation notified the issue on August 7, new information reveals that the attackers continued to access this environment for an additional two days.
_"The last unlawful action noticed in our environment occurred on August 9, 2022,"_ the business said.
According to a statement released by Twilio following the August Hack, the attackers obtained access to the company's encrypted network by gaining access to employee credentials through an SMS phishing attack.
Once within Twilio's infrastructure, the hackers gained access to customer data via administrative portals, obtained Authy 2FA accounts and codes, and registered their own devices to receive temporary tokens.
The data breach at Twilio is part of a larger effort by a threat actor identified as Scatter Swine or 0ktapus, which targeted at least 130 firms, including MailChimp, Klaviyo, and Cloudflare.
In addition to disclosing that its workers' credentials were obtained in a similar SMS phishing attack, Cloudflare said that the attackers were prevented from breaching its systems by FIDO2-compliant hardware security keys supplied by the business.
Twilio has reset the credentials of compromised employee user accounts and is sending FIDO2 tokens to all workers as a consequence of the breaches in June and August.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been