Cybersecurity NewsNews

Twilio Hacks Over 1,000 Messager Accounts.

Cyberattack is seen to have exposed 1,900 phone numbers. Thus poses a threat to victim earlier this month.

It was assumed the threat actors registered users phone numbers to another device during the attack. Although the company assured users contact list, login details, profile information, transaction details and other data are still intact with no alteration.

There’s a high probability the phone numbers is registered to Signal by attacker. Signal uses Twillo to send verification codes across users when registering on the app. They intend to inform users defect attached with the services on their device

Twilio Reveals More Information

Attackers devise a phishing link sent across employees of the company. By clicking the links, their data becomes vulnerable to attack. Twillo disclosed 125 customers account is fully accessed by threat actors. The breach took place earlier this month.

Anonymous cyber attackers misused the access to penetrate the company database to collect three phone numbers. The number is seen to be registered as normal user account being used to send and receive messages from the same number.

Company recommends users to enable an extra layer of security when requesting for verification codes from Signal. Phone numbers should be scanned to confirm originality.

The phishing act is unable to penetrate web infrastructure provider Cloudfare due to enhanced protection and security keys their employees possess.

Social engineering involves gathering information about a target and extract vital data from that individual by disguising for legit intentions. It is advised for employees to be extra vigilant on links and information they provide to people.

This recent incident pose a threat to third-party vendors. Since phone numbers are used as unique identifier with the technology susceptible to SIM swapping, password hacked, transaction details accessed, malicious actors carry out illicit attack on this data and take over money transactions.

Extra security policy is advised to be enabled on devices to avoid loss of vital information.

Related Articles

Back to top button