Communication services provider Twilio this week disclosed that it experienced another “brief security incident” in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information.
The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in.
“In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” Twilio said.
It further said the access gained following the successful attack was identified and thwarted within 12 hours, and that it had alerted impacted customers on July 2, 2022.
The San Francisco-based firm did not reveal the exact number of customers impacted by the June incident, and why the disclosure was made four months after it took place. Details of the second breach come as Twilio noted the threat actors accessed the data of 209 customers, up from 163 it reported on August 24, and 93 Authy users.
images from Hacker News