- Twilio systems have been breached by unknown threat actors, resulting in the compromise of many users’ accounts, including some in Authy.
- The incident happened in early August and was carried out through a successful phishing attack aimed at Twilio employees.
- Only 93 Authy users’ accounts were compromised. However, it is not clear whether those accounts were specifically targeted.
Twilio, a communications company that offers services such as SMS messaging, automated voice calls, and e-mail campaigns, was breached last week through a social-engineering phishing attack. The company has announced that the attackers managed to access some of its customers’ data; Twilio has more than 268,000 active customer accounts.
Only 93 users were affected
Twilio is not only known for its communication services; many end users know the company for its password management software, Authy. Last week, Twilio disclosed that the breach compromised 93 users’ Authy accounts. That is a very small number compared to the service's total user base, which is estimated at around 75 million. It is not clear whether those 93 users were specifically targeted. However, the attackers managed to obtain the 2FA codes that were generated for the Authy accounts.
In addition to Authy, the Twilio breach also resulted in the theft of one-time passwords for Okta customers. Those passwords were meant to be delivered to the customers via SMS, and they are valid for only five minutes.
Threat actors are currently targeting password management companies; last week, we also shared the news regarding the breach of LastPass, which is Authy’s competitor.