Twilio disclosed that a cyberattack involving the theft of employee credentials allowed attackers to access data from "a limited number" of customer accounts.
As a provider of software that connects with customer systems, hackers targeting the company likely saw the potential to access data from end customers through initially compromising Twilio. The attack is similar to the one that hit identity security vendor Okta and some of its customers earlier this year.
In a blog post on Sunday, Twilio said that it learned of the unauthorized access on August 4. The company blamed a "sophisticated" social engineering campaign, in which attackers tricked Twilio employees into sharing their credentials, using text messages that pretended to be from the company's IT department.
"The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data," Twilio said in the blog post.
The company said it has been notifying affected customers individually. "If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack," the company said.
Twilio did not disclose how many customers were affected or what types of data may have been accessed. The company said, though, that it was aware that other companies have faced similar hacking campaigns. In an effort to stave off additional breaches, Twilio said it's working with those companies. Among the actions they're taking is asking mobile carriers to block "malicious messages" in the first place and asking hosts and registrars to shut down the URLs used to trick employees.
"We continue to notify and are working directly with customers who were affected by this incident," Twilio said. "We are still early in our investigation, which is ongoing."
Twilio provides customer engagement software for sending text messages and other types of communications through API connections. In July, Twilio CEO Jeff Lawson told Protocol that the company's business has been "performing very well," though he recognized that the changing economic environment is "clearly rewarding profitability."
Climate TRACE's data show emissions at the facility-level.Image: Climate TRACE