Digital Authentication Firm Twilio Says Hackers Accessed Customer Data

Digital authentication company Twilio said some employees and customers were victims of a hack, a Bloomberg report said Monday (Aug. 8).

    The hackers tricked employees into giving up their passwords.

    The report said attackers targeted Twilio employees with fake texts, which said the staffers’ password credentials had expired. The texts had links to websites which “appeared to be legitimate” and then harvested employee information.

    The company hasn’t identified the specific attackers who committed the breach. It has reportedly hired a computer forensics firm to look into remediation for the issue.

    Twilio also said other companies were attacked, but it did not name them.

    Twilio is an attractive target for attackers since access to its service would give hackers access to Twilio clients or their accounts.

    “This broad-based attack against our employee base succeeded in fooling some employees into providing their credentials,” Twilio said in a blog post on Sunday. “The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

    Cybersecurity has been more of a concern for many companies.

    Read more: Report: Experian Faces Class-Action Lawsuit Over Security Concerns

    PYMNTS wrote that Experian, the consumer credit bureau, has been facing a class-action lawsuit over allegations that it didn’t do enough to prevent identity theft.

    KrebsOnSecurity wrote that identity thieves had been able to get control of individuals’ accounts by signing up for new accounts using victims’ information and a new email address.

    The report said Experian’s practice of letting account re-registration happen, without checking with the original account, had violated the Fair Credit Reporting Act.

    See also: PYMNTS Intelligence: Understanding Social Engineering Scams

    Another PYMNTS report noted that social engineering scams are hard to detect because of the victims’ seeming willingness to cooperate. In effect, the hacker uses the victim to circumvent measures designed to stop criminals.