Twilio is a company based out of San Francisco, California. They provide communication technology, including text messages, emails, phone calls, and more.
The breach was a phishing attack designed to look like it was from the Twilio IT department. The hackers said the right things in the wrong places, thus gaining access to such a widely used platform.
The breach occurred through a phishing campaign that convinced Twilio employees to give personal information and data to hackers. They used SMS messages to send a link to a site that looked like the Twilio sign-in page, then used the collected information to access the database.
This breach occurred on August 4th, 2022.
On August 10th, Twilio updated its blog, saying, “We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited time, and we have notified all of them." Only having 125 out of over 275,000 accounts accessed seems merciful for the company. Twilio also assured users that "there is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization."
Twilio initially refused to comment on how many customers were affected by the breach but instead listed all information that may have been accessed in the hack, which includes names, addresses, IP addresses, and the occasional proof of identification. This information hasn't been released to the public, which is a relief to Twilio customers. Read more at Phishing Messages Tricked Twilio Employees Into Divulging Sensitive Credentials.