Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Technology

Twilio Hackers Breached Over 130 Organizations During Months-Long Hacking Spree (techcrunch.com) 9

The hackers that breached Twilio earlier this month also compromised more than 130 other organizations during their hacking spree that netted the credentials of close to 10,000 employees. TechCrunch: Twilio's recent network intrusion allowed the hackers to access the data of 125 Twilio customers and companies -- including end-to-end encrypted messaging app Signal -- after tricking employees into handing over their corporate login credentials and two-factor codes from SMS phishing messages that purported to come from Twilio's IT department. At the time, TechCrunch learned of phishing pages impersonating other companies, including a U.S. internet company, an IT outsourcing company and a customer service provider, but the scale of the campaign remained unclear.

Now, cybersecurity company Group-IB says the attack on Twilio was part of a wider campaign by the hacking group it's calling "0ktapus," a reference to how the hackers predominantly target organizations that use Okta as a single sign-on provider. Group-IB, which launched an investigation after one of its customers was targeted by a linked phishing attack, said in findings shared with TechCrunch that the vast majority of the targeted companies are headquartered in the U.S. or have U.S.-based staff. The attackers have stolen at least 9,931 user credentials since March, according to Group-IB's findings, with more than half containing captured multi-factor authentication codes used to access a company's network.

This discussion has been archived. No new comments can be posted.

Twilio Hackers Breached Over 130 Organizations During Months-Long Hacking Spree

Comments Filter:
  • are more like aSS

  • by Otis B. Dilroy III ( 2110816 ) on Friday August 26, 2022 @05:33PM (#62826545)
    When you outsource any part of your coporate effort, you buying from vendors whose sole interest in your organization is as a profit center.

    Their business is structured to make the most profit from you that they can while providing the lowest level service.

    This means:
    They hire the cheapest employees they can get and treat them like crap.
    No corner is left uncut.
    The contract that you have to sign, if truly read and interpreted, removes them from virtually all legal liability.
    They are as sloppy as they can get in terms of security, customer service, and honesty.
    They will monetize any information which they can extract from your organization as a matter of policy.

    There is no such thing ass a free lunch.
    There is no honor among thieves.
    All of the above goes double if the service is "free."
    • And get the outsourcing manager a higher quarterly bonus.

      Incentives matter.

    • by tlhIngan ( 30335 )

      So why don't you show us your computer you designed, built and constructed from sand, your car you made from iron ore, the steps you go through to gather your food, etc?

      After all, you probably outsourced your car to Ford, GM, or other company. You outsourced your food to the supermarket and to the food producers. You outsourced your computer to the manufacturer who outsourced the parts from Samsung, Intel, AMD, etc.

      Your company outsourced the building their in to the property management company, everyone ou

  • So what happens to us, customers of the 130 companies? Have they investigated the breach on their end? Is there any information about cascading consequences, such as end user account credential leaks? I haven't seen any mention of this hack on Signal's blog [signal.org] for example.

"To take a significant step forward, you must make a series of finite improvements." -- Donald J. Atwood, General Motors

Working...