International Cyber Expo International Cyber Expo
  • About Us
Friday, 10 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Twilio Suffers Phishing Based Data Breach

Twilio, the communications giant, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. 

by Guru Writer
August 9, 2022
in Cyber Bites
Arms on a table, notepads.
Share on FacebookShare on Twitter

Twilio, the communications giant, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials.

The company, based in San Francisco, allows users to build voice and SMS capabilities, such as two-factor authentication (2FA), into applications, said that it became aware that someone gained “unauthorised access” to information related to some Twilio customer accounts on 4th August. These findings were published in a blog post on Monday 9th.

Twilio has more than 150,000 corporate customers, including Uber and Facebook.

The threat actor has not yet been identified.

The attack used SMS phishing messages that claimed to come from Twilio’s IT department, suggesting that the employees’ password had expired or that their schedule had changed. The text advised the target to log in using the spoofed web address provided.

Twilio said that these texts appeared to look legitimate and used specific jargon that companies use to secure access to their internal apps, such as “SSO”. Twilio stated that they worked with US carriers to stop the malicious messages, as well as registrars and hosting providers to shut down the malicious URLs used in the campaign.

The blog post added: “Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks. Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions.”

It has not yet been disclosed as to how many customers have been affected or what data has been stolen.

The communication giant has said that since the attack it has revoked access to the compromised employee accounts and has increased its security training to ensure employees are on “high alert” for similar social engineering attacks. Affected customers are being contacted on an individual basis.

Erfan Shadabi, Cybersecurity Expert at comforte AG, noted: “Many of the data breaches we have seen in the past few months have human error lurking within their backstories. Phishing is a type of cybercrime in which victims are contacted by an attacker posing as a trustworthy entity in order to obtain sensitive information or data, such as login credentials, credit card details, or other personally identifiable information.

“One of the best approaches to mitigate such attacks is to adopt the Zero Trust framework.”

ShareTweet
Previous Post

How to stay safe from cybercriminals and avoid data breaches 

Next Post

7-Eleven Stores in Denmark Close After Cyberattack

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol