Twilio, a cloud communications company, was hacked at the beginning of the month via a phishing attack on its employees, allowing cybercriminals access to some of its customers' data.
According to the latest report, the data breach has exposed the sensitive data of nearly 1,900 Signal users. Twilio provides phone number verification services for Signal. The cyberattacker is yet to be identified, but the phishing attack has revealed some interesting details.
- The attackers gained access to Twilio's network using credentials belonging to multiple employees, stolen in an SMS phishing attack.
- The attackers then used the stolen credentials to bypass a few of Twilio’s internal systems, and also accessed certain customer data.
- After discovering the data breach, Twilio revoked the compromised employee credentials to block the attackers' access to its systems and started notifying affected customers.
Twilio confirmed that the data breach affected 125 of its customers, but the attackers were unable to access the affected clients' authentication information.
Signal advisory details
Following the data breach, Signal issued a user advisory confirming that its users' personal data was safe with the company and that they were not affected.
- The company suspects that the attacker attempted to register the phone numbers of the 1,900 hacked Signal users on another device.
- With access to Twilio's customer support console, the hacker could either see that the phone number was associated with a Signal account or reveal the SMS verification code for registering with the service.
- According to the encrypted instant messaging service, the attacker explicitly searched for three of the 1,900 phone numbers. One of these users said their account had been re-registered.
- The company warns that if an attacker re-registers an account on a device the attacker controls, the attacker will be able to send and receive Signal messages from that phone number.
Twilio has 150,000 customers, and a phishing attack of this magnitude has demonstrated that its system is not completely secure. Following the data breach, its employees are on high alert for social engineering attacks, and security advisories have been issued on the specific tactics used by malicious actors.
Signal has also proposed that all 1,900 affected Signal users be unregistered on all devices and that the owners re-register their devices. Users are also encouraged to enable the registration lock option, which allows them to recover their profile, settings, contacts, and blocked users.