According to Twilio, while remaining anonymous, the hackers convinced several of the company’s employees to hand over their corporate credentials, allowing them to gain access to the company’s internal systems.
During the attack, unknown people used phishing SMS messages that allegedly came from the IT department of Twilio. They said that the password of the employees had expired or the work schedule had changed, so the attackers tried to lure the victim to a web address controlled by themselves
Twilio said the attackers included words like “Okta” and “SSO” in the messages to make them look more believable. The company said it has already contacted US carriers to stop phishing emails and hosting providers to block malicious URLs.
However, according to Twilio, the hackers were not immediately stopped. The attackers continued the mailing, changing telecom operators and hosting providers.
The company said it revoked access to hacked accounts after the attack and trained employees to be prepared for social engineering attacks. Twilio has already contacted affected customers.