Twillio reports final findings of ‘smishing’ incident
Twillio reported in its blog post the final findings of the smishing incident that occurred in August 2022, targeting its employees and customers. The company found that 209 customer accounts were affected by the incident, while no evidence shows that hackers accessed customer console account credentials, authentication tokens, or API keys.
The American communication program company, Twillio, provided in its blog post the final findings of the cyber incident of 9 August 2022 that targeted its employees and customers. In August 2022, the company identified unauthorized access that stole employee credentials via phishing SMS and affected 209 customer accounts. Hackers pretended to be the IT team of the company, asking employees and customers to change their account passwords. No evidence indicates that hackers accessed customer console account credentials, authentication tokens, or API keys. Twillio stated that it reset the credentials of the comprised accounts, revoked all active sessions associated with the compromised OKTA-integrated apps, blocked all indicators connected with the attack, and initiated takedown requests of fake accounts.