Data Breach

Twilio Data Breach

163 records exposed • August 2022

Hackers sent text messages to Twilio employees pretending to be IT support, tricking them into logging into a fake website. This gave attackers access to customer data.

What Happened

Attackers used SMS phishing to trick Twilio employees into revealing credentials. The breach affected 163 customer accounts and was part of a broader campaign targeting tech companies.

Attack method: SMS phishing (smishing)

What Data Was Exposed

Customer data, Phone numbers, Authentication tokens

Is your business exposed?

What to Do If You're Affected

1.
Review Twilio account for unauthorized access
2.
Rotate API keys and authentication tokens
3.
Alert users if customer data was compromised

Lessons for Businesses

• SMS phishing can be highly effective
• Tech companies are targets for supply chain attacks
• Employee security awareness must cover mobile threats

Sources

https://www.twilio.com/blog/august-2022-social-engineering-attack

Related Breaches

Okta 2022, Cloudflare 2022

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required